GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,800
Maven: 5,000+
npm: 4,426
NuGet: 773
pip: 4,199
Pub: 12
RubyGems: 968
Rust: 1,086
Swift: 47

Unreviewed advisories
All unreviewed: 5,000+

25,328 advisories

SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
Severity: High. CVE-2026-22699 was published for sm2 (Rust) on Jan 9, 2026.

Fickling vulnerable to detection bypass due to "builtins" blindness
Severity: High. CVE-2026-22612 was published for fickling (pip) on Jan 9, 2026.

SM2-PKE has 32-bit Biased Nonce Vulnerability
Severity: High. CVE-2026-22698 was published for sm2 (Rust) on Jan 9, 2026.

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Severity: High. CVE-2026-22609 was published for fickling (pip) on Jan 9, 2026.

Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
Severity: High. CVE-2026-22608 was published for fickling (pip) on Jan 9, 2026.

Fickling Blocklist Bypass: cProfile.run()
Severity: High. CVE-2026-22607 was published for fickling (pip) on Jan 9, 2026.

Fickling has a bypass via runpy.run_path() and runpy.run_module()
Severity: High. CVE-2026-22606 was published for fickling (pip) on Jan 9, 2026.

October CMS Vulnerable to Stored XSS via Branding Styles
Severity: Moderate. CVE-2025-61676 was published for october/system (Composer) on Jan 9, 2026.

mnl has segmentation fault and invalid memory read in `mnl::cb_run`
Severity: Low. GHSA-585q-cm62-757j was published for mnl (Rust) on Jan 9, 2026.

pypdf has possible long runtimes for malformed startxref
Severity: Low. GHSA-4f6g-68pf-7vhv was published for pypdf (pip) on Jan 9, 2026.

pypdf has possible long runtimes for missing /Root object with large /Size values
Severity: Low. GHSA-4xc4-762w-m6cg was published for pypdf (pip) on Jan 9, 2026.

jose-swift has JWT Signature Verification Bypass via None Algorithm
Severity: High. GHSA-88q6-jcjg-hvmw was published for github.com/beatt83/jose-swift (Swift) on Jan 9, 2026.

WeKnora has Command Injection in MCP stdio test
Severity: Critical. GHSA-78h3-63c4-5fqc was published for github.com/Tencent/WeKnora (Go) on Jan 9, 2026.

WeKnora vulnerable to SQL Injection
Severity: High. GHSA-pcwc-3fw3-8cqv was published for github.com/Tencent/WeKnora (Go) on Jan 9, 2026.

AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value
Severity: Low. CVE-2026-22611 was published for AWSSDK.Core (NuGet) on Jan 9, 2026.

Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
Severity: High. CVE-2026-22610 was published for @angular/compiler (npm) on Jan 9, 2026.

XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
Severity: Critical. CVE-2025-65091 was published for org.xwiki.contrib:macro-fullcalendar-pom (Maven) on Jan 9, 2026.

XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService
Severity: Moderate. CVE-2025-65090 was published for org.xwiki.contrib:macro-fullcalendar-pom (Maven) on Jan 9, 2026.

October CMS Vulnerable to Stored XSS via Editor and Branding Styles
Severity: Moderate. CVE-2025-61674 was published for october/system (Composer) on Jan 9, 2026.

FASTJSON Includes Functionality from Untrusted Control Sphere
Severity: Critical. CVE-2025-70974 was published for com.alibaba:fastjson (Maven) on Jan 9, 2026.

Authlib has 1-click Account Takeover vulnerability
Severity: Moderate. CVE-2025-68158 was published for authlib (pip) on Jan 8, 2026.

AWS SDK for Swift adopted defense in depth enhancement for region parameter value
Severity: Low. GHSA-pc9j-5v36-2mww was published for github.com/awslabs/aws-sdk-swift (Swift) on Jan 8, 2026.

JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3
Severity: Low. GHSA-j965-2qgj-vjmq was published for aws-sdk (npm) on Jan 8, 2026.

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
Severity: Low. GHSA-6475-r3vj-m8vf was published for @smithy/config-resolver (npm) on Jan 8, 2026.

vLLM introduced enhanced protection for CVE-2025-62164
Severity: High. GHSA-mcmc-2m55-j8jj was published for vllm (pip) on Jan 8, 2026.

ProTip! Advisories are also available from the GraphQL API.