GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
13 advisories
Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses
Moderate | CVE-2026-39409 was published for hono (npm) | Apr 8, 2026

Vite: `server.fs.deny` bypassed with queries
High | CVE-2026-39364 was published for vite (npm) | Apr 6, 2026

Rack::Static header_rules bypass via URL-encoded paths
Moderate | CVE-2026-34786 was published for rack (RubyGems) | Apr 2, 2026

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url...
Moderate | Unreviewed | CVE-2026-34475 was published | Mar 27, 2026

OpenClaw has a workspace-only sandbox guard mismatch for @-prefixed absolute paths
Moderate | CVE-2026-32033 was published for openclaw (npm) | Mar 3, 2026

FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP
High | CVE-2026-24895 was published for github.com/dunglas/frankenphp (Go) | Feb 12, 2026

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause...
Moderate | Unreviewed | CVE-2025-33194 was published | Nov 25, 2025

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9....
Moderate | Unreviewed | CVE-2025-43716 was published | Apr 23, 2025

zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write
High | CVE-2025-29787 was published for zip (Rust) | Mar 17, 2025

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such...
Low | Unreviewed | CVE-2024-28607 was published | Mar 11, 2025

Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Moderate | GHSA-7jmw-8259-q9jx was published for github.com/traefik/traefik (Go) | Jun 11, 2024

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to...
Critical | Unreviewed | CVE-2022-26136 was published | Jul 21, 2022

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause...
High | Unreviewed | CVE-2022-26137 was published | Jul 21, 2022