GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5 advisories

undici WebSocket client vulnerable to denial of service via fragment count bypass (High severity)
CVE-2026-12151 was published for undici (npm) on Jun 19, 2026
Credited to lpinca, Nadav0077, and UlisesGascon
ws: Memory exhaustion DoS from tiny fragments and data chunks (High severity)
CVE-2026-48779 was published for ws (npm) on Jun 15, 2026
Credited to Nadav0077
Authelia Missing Username Canonicalization in Basic Auth (LDAP) (Low severity)
CVE-2026-47203 was published for github.com/authelia/authelia/v4 (Go) on May 29, 2026
Credited to Nadav0077, james-d-elliott, nightah, and Crowley723
Credited to Nadav0077
web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling (Moderate severity)
CVE-2026-40072 was published for web3 (pip) on Apr 4, 2026
Credited to Nadav0077