GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
138 advisories
Netfoil has incorrect allowlist enforcement
Moderate | GHSA-84g5-x8j3-7235 was published for github.com/tinfoil-factory/netfoil (Go) | Apr 29, 2026
A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs...
Moderate | Unreviewed | CVE-2026-6861 was published | Apr 22, 2026
ImageMagick has an off-by-one origin validation in allows out-of-bounds read in morphology processing
Low | GHSA-q8h3-jv9v-57qx was published for Magick.NET-Q16-AnyCPU (NuGet) | Apr 14, 2026
ImageMagick has an off-by-one error in MSL decoder could result in crash
Moderate | CVE-2026-40312 was published for Magick.NET-Q16-AnyCPU (NuGet) | Apr 14, 2026
Moby has an Off-by-one error in its plugin privilege validation
Moderate | CVE-2026-33997 was published for github.com/docker/docker (Go) | Mar 27, 2026
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an...
Moderate | Unreviewed | CVE-2026-4887 was published | Mar 26, 2026
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling,...
Moderate | Unreviewed | CVE-2026-34085 was published | Mar 25, 2026
arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the...
High | Unreviewed | CVE-2026-28520 was published | Mar 16, 2026
yauzl contains an off-by-one error
Moderate | CVE-2026-31988 was published for yauzl (npm) | Mar 12, 2026
Envoy affected by off-by-one write in JsonEscaper::escapeString()
Moderate | CVE-2026-26309 was published for github.com/envoyproxy/envoy (Go) | Mar 10, 2026
OpenClaw has allowlist exec-guard bypass via env -S
Moderate | CVE-2026-31992 was published for openclaw (npm) | Mar 3, 2026
ml-dsa's UseHint function has off by two error when r0 equals zero
Moderate | GHSA-h37v-hp6w-2pp8 was published for ml-dsa (Rust) | Feb 2, 2026
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive...
Moderate | Unreviewed | CVE-2025-71161 was published | Jan 23, 2026
In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues...
Moderate | Unreviewed | CVE-2025-71087 was published | Jan 13, 2026
Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to...
Moderate | Unreviewed | CVE-2025-11215 was published | Nov 7, 2025
In the Linux kernel, the following vulnerability has been resolved: mmmremap.c: avoid pointless...
Moderate | Unreviewed | CVE-2022-49077 was published | Oct 14, 2025
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors...
Moderate | Unreviewed | CVE-2022-50428 was published | Oct 1, 2025
In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in...
Moderate | Unreviewed | CVE-2023-53397 was published | Sep 18, 2025
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename
Low | CVE-2025-53014 was published for Magick.NET-Q16-AnyCPU (NuGet) | Aug 25, 2025
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off...
Moderate | Unreviewed | CVE-2025-38600 was published | Aug 19, 2025
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer...
Moderate | Unreviewed | CVE-2025-54349 was published | Aug 3, 2025
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in...
Moderate | Unreviewed | CVE-2025-52497 was published | Jul 4, 2025
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status...
Moderate | Unreviewed | CVE-2025-47711 was published | Jun 9, 2025
In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one...
Moderate | Unreviewed | CVE-2023-53143 was published | May 2, 2025
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error...
Moderate | Unreviewed | CVE-2025-23150 was published | May 1, 2025