GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,883
Maven: 5,000+
npm: 4,520
NuGet: 785
pip: 4,260
Pub: 12
RubyGems: 975
Rust: 1,105
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
25,674 advisories
DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes
Severity: High. CVE-2026-24836 was published for DotNetNuke.Core (NuGet) on Jan 28, 2026.

Clatter has a PSK Validity Rule Violation issue
Severity: High. CVE-2026-24785 was published for clatter (Rust) on Jan 28, 2026.

DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer
Severity: Moderate. CVE-2026-24784 was published for DotNetNuke.Core (NuGet) on Jan 28, 2026.

soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives
Severity: High. CVE-2026-24783 was published for soroban-fixed-point-math (Rust) on Jan 28, 2026.

vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector
Severity: High. CVE-2026-24779 was published for vllm (pip) on Jan 28, 2026.

Ghost vulnerable to XSS via malicious Portal preview links
Severity: High. CVE-2026-24778 was published for @tryghost/portal (npm) on Jan 28, 2026.

Hono vulnerable to XSS through ErrorBoundary component
Severity: Moderate. CVE-2026-24771 was published for hono (npm) on Jan 28, 2026.

Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema
Severity: Critical. GHSA-5w5r-mf82-595p was published for capnp (Rust) on Jan 28, 2026.

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF)
Severity: Moderate. GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) on Jan 28, 2026.

Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
Severity: High. GHSA-h25m-26qc-wcjf was published for next (npm) on Jan 28, 2026.

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
Severity: Moderate. CVE-2025-59472 was published for next (npm) on Jan 28, 2026.

billboard.js is vulnerable to XSS during chart option binding
Severity: High. CVE-2026-1513 was published for billboard.js (npm) on Jan 28, 2026.

vlt Mishandles Path Sanitization for tar
Severity: Moderate. CVE-2026-24909 was published for @vltpkg/tar (npm) on Jan 28, 2026.

PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling
Severity: High. CVE-2026-24765 was published for phpunit/phpunit (Composer) on Jan 27, 2026.

Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Severity: Moderate. CVE-2026-24748 was published for github.com/akuity/kargo (Go) on Jan 27, 2026.

StudioCMS has Authorization Bypass Through User-Controlled Key
Severity: Moderate. CVE-2026-24134 was published for studiocms (npm) on Jan 27, 2026.

PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
Severity: High. CVE-2026-24747 was published for pytorch (pip) on Jan 27, 2026.

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Severity: Critical. CVE-2026-23830 was published for @nyariv/sandboxjs (npm) on Jan 27, 2026.

Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
Severity: Moderate. CVE-2025-59471 was published for next (npm) on Jan 27, 2026.

Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Severity: Moderate. CVE-2026-24473 was published for hono (npm) on Jan 27, 2026.

Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Severity: Moderate. CVE-2026-24472 was published for hono (npm) on Jan 27, 2026.

Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Severity: Moderate. CVE-2026-24398 was published for hono (npm) on Jan 27, 2026.

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
Severity: Moderate. CVE-2026-23892 was published for OctoPrint (pip) on Jan 27, 2026.

Kyverno Denial of Service via Context Variable Amplification in Policy Engine
Severity: High. CVE-2026-23881 was published for github.com/kyverno/kyverno (Go) on Jan 27, 2026.

Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
Severity: Critical. CVE-2026-22039 was published for github.com/kyverno/kyverno (Go) on Jan 27, 2026.
ProTip! Advisories are also available from the GraphQL API.