GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,413 advisories

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling Moderate
GHSA-595p-g7xc-c333 was published for algolia/algoliasearch-magento-2 (Composer) Jan 14, 2026
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch Low
GHSA-73rr-hh4g-fpgx was published for diff (npm) Jan 14, 2026
Credited to guiyi-he and ExplodingCabbage
chi has an open redirect vulnerability in the RedirectSlashes middleware Moderate
GHSA-mqqf-5wvp-8fh8 was published for github.com/go-chi/chi (Go) Jan 14, 2026
Credited to thanosgn
Pimcore Has an Incomplete Patch for CVE-2023-30848 High
CVE-2026-23492 was published for pimcore/pimcore (Composer) Jan 14, 2026
Credited to Snow1nd
Credited to mcollina and illia-v
Shopware Has Improper Control of Generation of Code in Twig rendered views High
CVE-2026-23498 was published for shopware/core (Composer) Jan 14, 2026
Credited to lukasz-rybak
html2pdf.js contains a cross-site scripting vulnerability High
CVE-2026-22787 was published for html2pdf.js (npm) Jan 14, 2026
Credited to aydinnyunus and eKoopmans
BlackSheep's ClientSession is vulnerable to CRLF injection Moderate
CVE-2026-22779 was published for blacksheep (pip) Jan 14, 2026
Credited to tr4ce-ju
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain Critical
CVE-2026-22686 was published for enclave-vm (npm) Jan 14, 2026
Weblate leaks information via screenshots Low
CVE-2026-21889 was published for weblate (pip) Jan 14, 2026
Credited to nijel and amCap1712
Apache Camel camel-neo4j component is vulnerable to cypher injection Moderate
CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) Jan 14, 2026
Chainlit contains an authorization bypass vulnerability Low
CVE-2025-68492 was published for chainlit (pip) Jan 14, 2026
Concrete5 CMS contains an XPath injection vulnerability Moderate
CVE-2022-50807 was published for concrete5/concrete5 (Composer) Jan 14, 2026
go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message High
CVE-2026-22868 was published for github.com/ethereum/go-ethereum (Go) Jan 13, 2026
Credited to Yenya030
go-ethereum is vulnerable to DoS via malicious p2p message affecting a vulnerable node High
CVE-2026-22862 was published for github.com/ethereum/go-ethereum (Go) Jan 13, 2026
GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE High
CVE-2026-22871 was published for guarddog (pip) Jan 13, 2026
Credited to dwBruijn
GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS High
CVE-2026-22870 was published for guarddog (pip) Jan 13, 2026
Credited to dwBruijn
TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool Moderate
CVE-2026-0859 was published for typo3/cms-core (Composer) Jan 13, 2026
Outray cli is vulnerable to race conditions in tunnels creation Moderate
CVE-2026-22820 was published for outray (npm) Jan 13, 2026
Credited to gr33pp and SENSEiXENUS
Outray has a Race Condition in the cli's webapp Moderate
CVE-2026-22819 was published for outray (npm) Jan 13, 2026
Credited to SENSEiXENUS and gr33pp
Credited to calloc134 and devanshbatham
Credited to calloc134 and devanshbatham
jaraco.context Has a Path Traversal Vulnerability High
GHSA-58pv-8j8x-9vj2 was published for jaraco.context (pip) Jan 13, 2026
Credited to tsigouris007
Azure Core is vulnerable to deserialization of untrusted data High
CVE-2026-21226 was published for azure-core (pip) Jan 13, 2026
TYPO3 CMS Allows Broken Access Control in Recycler Module High
CVE-2025-59022 was published for typo3/cms-recycler (Composer) Jan 13, 2026
ProTip! Advisories are also available from the GraphQL API