Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
48
Go
3,404
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,632
Pub
13
RubyGems
1,026
Rust
1,205
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28,350 advisories

Loading
Keycloak has an improper input validation vulnerability Low
CVE-2026-0976 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 15, 2026
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling Moderate
GHSA-595p-g7xc-c333 was published for algolia/algoliasearch-magento-2 (Composer) Jan 14, 2026
IvanChepurnyi Credited to IvanChepurnyi
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch Low
CVE-2026-24001 was published for diff (npm) Jan 14, 2026
guiyi-he Credited to guiyi-he, ExplodingCabbage, G-Rath, and CraigHammondDexcom ExplodingCabbage ExplodingCabbage
G-Rath G-Rath CraigHammondDexcom CraigHammondDexcom
chi has an open redirect vulnerability in the RedirectSlashes middleware Moderate
GHSA-mqqf-5wvp-8fh8 was published for github.com/go-chi/chi (Go) Jan 14, 2026
thanosgn Credited to thanosgn
Pimcore Has an Incomplete Patch for CVE-2023-30848 High
CVE-2026-23492 was published for pimcore/pimcore (Composer) Jan 14, 2026
Snow1nd Credited to Snow1nd
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion Moderate
CVE-2026-22036 was published for undici (npm) Jan 14, 2026
mcollina Credited to mcollina and illia-v illia-v illia-v
pH7-Social-Dating-CMS affected by a stored cross-site scripting (XSS) vulnerability Moderate
CVE-2025-63644 was published for ph7software/ph7builder (Composer) Jan 14, 2026
Shopware Has Improper Control of Generation of Code in Twig rendered views High
CVE-2026-23498 was published for shopware/core (Composer) Jan 14, 2026
lukasz-rybak Credited to lukasz-rybak and andreisss andreisss andreisss
html2pdf.js contains a cross-site scripting vulnerability High
CVE-2026-22787 was published for html2pdf.js (npm) Jan 14, 2026
aydinnyunus Credited to aydinnyunus and eKoopmans eKoopmans eKoopmans
BlackSheep's ClientSession is vulnerable to CRLF injection Moderate
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
tr4ce-ju Credited to tr4ce-ju
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain Critical
CVE-2026-22686 was published for enclave-vm (npm) Jan 14, 2026
Weblate leaks information via screenshots Low
CVE-2026-21889 was published for weblate (pip) Jan 14, 2026
nijel Credited to nijel and amCap1712 amCap1712 amCap1712
Apache Camel camel-neo4j component is vulnerable to cypher injection Moderate
CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) Jan 14, 2026
Chainlit contains an authorization bypass vulnerability Low
CVE-2025-68492 was published for chainlit (pip) Jan 14, 2026
Concrete5 CMS contains an XPath injection vulnerability Moderate
CVE-2022-50807 was published for concrete5/concrete5 (Composer) Jan 14, 2026
go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message High
CVE-2026-22868 was published for github.com/ethereum/go-ethereum (Go) Jan 13, 2026
Yenya030 Credited to Yenya030
go-ethereum is vulnerable to DoS via malicious p2p message affecting a vulnerable node High
CVE-2026-22862 was published for github.com/ethereum/go-ethereum (Go) Jan 13, 2026
GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE High
CVE-2026-22871 was published for guarddog (pip) Jan 13, 2026
dwBruijn Credited to dwBruijn
GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS High
CVE-2026-22870 was published for guarddog (pip) Jan 13, 2026
dwBruijn Credited to dwBruijn
TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool Moderate
CVE-2026-0859 was published for typo3/cms-core (Composer) Jan 13, 2026
eliashaeussler Credited to eliashaeussler and ohader ohader ohader
Outray cli is vulnerable to race conditions in tunnels creation Moderate
CVE-2026-22820 was published for outray (npm) Jan 13, 2026
gr33pp Credited to gr33pp and SENSEiXENUS SENSEiXENUS SENSEiXENUS
Outray has a Race Condition in the cli's webapp Moderate
CVE-2026-22819 was published for outray (npm) Jan 13, 2026
SENSEiXENUS Credited to SENSEiXENUS and gr33pp gr33pp gr33pp
Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback) High
CVE-2026-22818 was published for hono (npm) Jan 13, 2026
calloc134 Credited to calloc134 and devanshbatham devanshbatham devanshbatham
Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass High
CVE-2026-22817 was published for hono (npm) Jan 13, 2026
calloc134 Credited to calloc134 and devanshbatham devanshbatham devanshbatham
jaraco.context Has a Path Traversal Vulnerability High
CVE-2026-23949 was published for jaraco.context (pip) Jan 13, 2026
tsigouris007 Credited to tsigouris007 and snieguu snieguu snieguu
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database