GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,949 advisories
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for...
Low | Unreviewed | CVE-2026-6019 was published Apr 22, 2026
rust-openssl has an Out-of-bounds read in PEM password callback when returning an oversized length
Low | CVE-2026-41677 was published for openssl (Rust) | Apr 22, 2026
pgx: SQL Injection via placeholder confusion with dollar quoted string literals
Low | GHSA-j88v-2chj-qfwx was published for github.com/jackc/pgx (Go) | Apr 22, 2026
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch
Low | CVE-2026-34067 was published for nimiq-transaction (Rust) | Apr 22, 2026
A logic error in the expr utility of uutils coreutils causes the program to evaluate...
Low | Unreviewed | CVE-2026-35378 was published Apr 22, 2026
A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only...
Low | Unreviewed | CVE-2026-35381 was published Apr 22, 2026
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when...
Low | Unreviewed | CVE-2026-35371 was published Apr 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1...
Low | Unreviewed | CVE-2026-3254 was published Apr 22, 2026
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the ...
Low | Unreviewed | CVE-2026-35379 was published Apr 22, 2026
A logic error in the ln utility of uutils coreutils causes the program to reject source paths...
Low | Unreviewed | CVE-2026-35373 was published Apr 22, 2026
A logic error in the split utility of uutils coreutils causes the corruption of output filenames...
Low | Unreviewed | CVE-2026-35375 was published Apr 22, 2026
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command...
Low | Unreviewed | CVE-2026-35377 was published Apr 22, 2026
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion...
Low | Unreviewed | CVE-2026-35346 was published Apr 22, 2026
The nohup utility in uutils coreutils creates its default output file, nohup.out, without...
Low | Unreviewed | CVE-2026-35367 was published Apr 22, 2026
The mknod utility in uutils coreutils fails to handle security labels atomically by creating...
Low | Unreviewed | CVE-2026-35361 was published Apr 22, 2026
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to...
Low | Unreviewed | CVE-2026-35362 was published Apr 22, 2026
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by...
Low | Unreviewed | CVE-2026-35353 was published Apr 22, 2026
The dd utility in uutils coreutils suppresses errors during file truncation operations by...
Low | Unreviewed | CVE-2026-35344 was published Apr 22, 2026
The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a...
Low | Unreviewed | CVE-2026-35343 was published Apr 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18...
Low | Unreviewed | CVE-2025-9957 was published Apr 22, 2026
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment...
Low | Unreviewed | CVE-2026-35342 was published Apr 22, 2026
A client might theoretically be able to cause a mismatch between queries sent to a backend and...
Low | Unreviewed | CVE-2026-33596 was published Apr 22, 2026
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request,...
Low | Unreviewed | CVE-2026-33599 was published Apr 22, 2026
Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
Low | CVE-2026-41140 was published for poetry (pip) | Apr 22, 2026