GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

318 advisories

Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow Low
CVE-2026-6334 was published for github.com/mattermost/mattermost-server (Go) May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8783 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer Low
CVE-2026-8780 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer Low
CVE-2026-8779 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8782 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8781 was published for github.com/omec-project/amf (Go) May 18, 2026
Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields Low
CVE-2026-4053 was published for github.com/mattermost/mattermost-server (Go) May 15, 2026
omec-project amf crashes when processing malformed LocationReports Low
CVE-2026-8349 was published for github.com/omec-project/amf (Go) May 12, 2026
Ella Core has handover failures during concurrent Security Mode Command Low
CVE-2026-44474 was published for github.com/ellanetworks/core (Go) May 11, 2026
Credited to SJNA0414, ICSR-KMU, and bradypus404
bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go Low
CVE-2026-8276 was published for github.com/bettercap/bettercap/v2 (Go) May 11, 2026
bettercap Has an Integer Coercion Error in the ippReadChunkedBody Function Low
CVE-2026-8275 was published for github.com/bettercap/bettercap/v2 (Go) May 11, 2026
nhost has Session Persistence After Password Change Low
GHSA-7hgr-xvrr-xpw3 was published for github.com/nhost/nhost (Go) May 8, 2026
Credited to skoveit
MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience Low
CVE-2026-44428 was published for github.com/modelcontextprotocol/registry (Go) May 8, 2026
Credited to FORIMOC, Yuremin, and rdimitrov
Credited to SamyGhannad
Free5GC AMF has Missing Concurrent NAS SMC Validation During NGAP Handover Low
CVE-2026-42082 was published for github.com/free5gc/amf (Go) May 7, 2026
Credited to SJNA0414, ICSR-KMU, and bradypus404
MediaMTX affected by CVE-2026-27143 due to vulnerable dependency Low
GHSA-2ccx-cjjh-r2j8 was published for github.com/bluenviron/mediamtx (Go) May 6, 2026
OpenBao's Namespace Deletion May Not Delete Data Properly Low
CVE-2026-42186 was published for github.com/openbao/openbao (Go) May 5, 2026
Credited to cipherboy
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) Low
CVE-2026-42183 was published for github.com/argoproj/argo-workflows/v4 (Go) May 4, 2026
Credited to Wernerina, Joibel, and isubasinghe
Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots Low
CVE-2026-40243 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to stamparm and stgraber
ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction Low
GHSA-28xx-pppm-vqff was published for github.com/ydb-platform/ydb-go-sdk/v3 (Go) Apr 30, 2026
Credited to kprokopenko and asmyasnikov
Ollama is Vulnerable to Path Traversal Low
CVE-2026-7020 was published for github.com/ollama/ollama (Go) Apr 26, 2026
melange has Path Traversal via .PKGINFO in --persist-lint-results Low
CVE-2026-29051 was published for chainguard.dev/melange (Go) Apr 23, 2026
Credited to 1seal, antitree, and egibs
pgx: SQL Injection via placeholder confusion with dollar quoted string literals Low
CVE-2026-41889 was published for github.com/jackc/pgx (Go) Apr 22, 2026
OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation Low
CVE-2026-40264 was published for github.com/openbao/openbao (Go) Apr 21, 2026
Credited to Zwique
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) Low
CVE-2026-39396 was published for github.com/openbao/openbao (Go) Apr 21, 2026
Credited to n1rwhex