Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
48
GitHub Actions
48
Go
3,391
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,614
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

28,209 advisories

Loading
devalue has prototype pollution in devalue.parse and devalue.unflatten Moderate
CVE-2026-30226 was published for devalue (npm) Mar 12, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github, KarimPwnz, and jviide KarimPwnz KarimPwnz
jviide jviide
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write High
CVE-2026-28693 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
jakelodwick Credited to jakelodwick
ImageMagick has uninitialized pointer dereference in JBIG decoder High
CVE-2026-28691 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
zerojackyi Credited to zerojackyi
ImageMagick has stack write buffer overflow in MNG encoder Moderate
CVE-2026-28690 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
zerojackyi Credited to zerojackyi
ImageMagick has heap use-after-free in the MSL encoder Moderate
CVE-2026-28688 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
ImageMagick has Heap Use-After-Free in ImageMagick MSL decoder Moderate
CVE-2026-28687 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
ImageMagick: Write heap-buffer-overflow in PCL encoder via undersized output buffer Moderate
CVE-2026-28686 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
zerojackyi Credited to zerojackyi
ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays High
CVE-2026-28494 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder Moderate
CVE-2026-28493 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Winter vulnerable to privilege escalation by authenticated backend users Critical
CVE-2026-27591 was published for winter/wn-backend-module (Composer) Mar 12, 2026
skyhex19 Credited to skyhex19
ImageMagick: Heap overflow in pcd decoder leads to out of bounds read. Moderate
CVE-2026-26284 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder Moderate
CVE-2026-25986 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
ImageMagick has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage) Moderate
CVE-2026-25982 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
marckwei Credited to marckwei
ImageMagick: MSL - Stack overflow in ProcessMSLScript Moderate
CVE-2026-25971 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
unbengable12 Credited to unbengable12
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption Moderate
CVE-2026-25970 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
ImageMagick: MSL attribute stack buffer overflow leads to out of bounds write. High
CVE-2026-25968 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker Critical
CVE-2026-3059 was published for sglang (pip) Mar 12, 2026
Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth) Moderate
GHSA-wgx8-r9vw-2w4h was published for openclaw (npm) Mar 12, 2026 withdrawn
SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization High
CVE-2026-3989 was published for sglang (pip) Mar 12, 2026
Keycloak vulnerable to authorization bypass via the Admin API Low
CVE-2026-2366 was published for @keycloak/keycloak-admin-client (Maven) Mar 12, 2026
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module Critical
CVE-2026-3060 was published for sglang (pip) Mar 12, 2026
Duplicate Advisory: OpenClaw safeBins file-existence oracle information disclosure Moderate
GHSA-xjj9-2w6f-jg55 was published for openclaw (npm) Mar 12, 2026 withdrawn
@whyour/qinglong: manipulation of the argument command leads to protection mechanism failure Low
CVE-2026-3965 was published for @whyour/qinglong (npm) Mar 12, 2026
Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication Moderate
CVE-2026-2808 was published for github.com/hashicorp/consul (Go) Mar 12, 2026
yauzl contains an off-by-one error Moderate
CVE-2026-31988 was published for yauzl (npm) Mar 12, 2026
adalinesimonian Credited to adalinesimonian
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database