Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

643 advisories

Loading
Kyverno Controller Denial of Service via forEach Mutation Panic High
CVE-2026-41485 was published for github.com/kyverno/kyverno (Go) Apr 24, 2026
thevilledev Credited to thevilledev
In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious... Moderate Unreviewed
CVE-2026-31567 was published Apr 24, 2026
nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
1seal Credited to 1seal and ii-cruz ii-cruz ii-cruz
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch Low
CVE-2026-34067 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients Moderate
CVE-2026-41585 was published for zebra-rpc (Rust) Apr 18, 2026
upbqdn Credited to upbqdn, mpguerra, and conradoplg mpguerra mpguerra
conradoplg conradoplg
Zebra has rk Identity Point Panic in Transaction Verification Critical
CVE-2026-41584 was published for zebra-chain (Rust) Apr 18, 2026
conradoplg Credited to conradoplg and mpguerra mpguerra mpguerra
nimiq-consensus panics via RequestMacroChain micro-block locator Moderate
CVE-2026-34069 was published for nimiq-consensus (Rust) Apr 13, 2026
jsdanielh Credited to jsdanielh and 1seal 1seal 1seal
CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing Moderate
CVE-2026-30867 was published for CocoaMQTT (Swift) Apr 3, 2026
t5uki Credited to t5uki
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion... High Unreviewed
CVE-2026-4046 was published Mar 30, 2026
A user with access to the cluster with a limited set of privilege actions can trigger a crash of... Moderate Unreviewed
CVE-2026-5170 was published Mar 30, 2026
libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling High
CVE-2026-34219 was published for libp2p-gossipsub (Rust) Mar 30, 2026
Under certain conditions, `named` may crash when processing a correctly signed query containing a... Moderate Unreviewed
CVE-2026-3119 was published Mar 25, 2026
In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files... Moderate Unreviewed
CVE-2026-23375 was published Mar 25, 2026
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in... Moderate Unreviewed
CVE-2026-23380 was published Mar 25, 2026
In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in... Moderate Unreviewed
CVE-2026-23356 was published Mar 25, 2026
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea... High Unreviewed
CVE-2026-3608 was published Mar 25, 2026
Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local... High Unreviewed
CVE-2026-23555 was published Mar 23, 2026
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145 High
CVE-2026-32314 was published for yamux (Rust) Mar 13, 2026
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09... Moderate Unreviewed
CVE-2025-69653 was published Mar 6, 2026
In the Linux kernel, the following vulnerability has been resolved: romfs: check... Moderate Unreviewed
CVE-2026-23238 was published Mar 4, 2026
Transient DOS when an LTE RLC packet with invalid TB is received by UE. Moderate Unreviewed
CVE-2025-47371 was published Mar 2, 2026
Transient DOS when MAC configures config id greater than supported maximum value. Moderate Unreviewed
CVE-2025-47384 was published Mar 2, 2026
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps Moderate
CVE-2026-27809 was published for psd-tools (pip) Feb 26, 2026
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function... Moderate Unreviewed
CVE-2026-2523 was published Feb 16, 2026
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric... Moderate Unreviewed
CVE-2025-48019 was published Feb 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database