Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,212
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,494
Pub
12
RubyGems
995
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters High
CVE-2026-33142 was published for oneuptime (npm) Mar 18, 2026
vnykmshr Credited to vnykmshr
SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) Critical
GHSA-4mx9-3c2h-hwhg was published for github.com/siyuan-note/siyuan (Go) Mar 17, 2026
vnykmshr Credited to vnykmshr
soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import Critical
CVE-2026-30832 was published for github.com/charmbracelet/soft-serve (Go) Mar 6, 2026
vnykmshr Credited to vnykmshr
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database