Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

321,239 advisories

Loading
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk Moderate
CVE-2026-33230 was published for nltk (pip) Mar 18, 2026
Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview High
CVE-2026-33226 was published for budibase (npm) Mar 18, 2026
da7om85 Credited to da7om85
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload Low
CVE-2026-33221 was published for github.com/nhost/nhost (Go) Mar 18, 2026
0xkakash1 Credited to 0xkakash1
Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod Critical
CVE-2026-33211 was published for github.com/tektoncd/pipeline (Go) Mar 18, 2026
1seal Credited to 1seal, vdemeester, afrittoli, and KoreaSecurity vdemeester vdemeester
afrittoli afrittoli KoreaSecurity KoreaSecurity
JustHTML has a Sanitizer Bypass (in Markdown) Moderate
GHSA-3rcm-vjrc-p45j was published for justhtml (pip) Mar 18, 2026
kejcao Credited to kejcao
JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script) Moderate
GHSA-qvc2-mg72-jjhx was published for justhtml (pip) Mar 18, 2026
restriction Credited to restriction
Unsigned SAML LogoutRequest Acceptance in gosaml2 High
GHSA-pcgw-qcv5-h8ch was published for github.com/russellhaering/gosaml2 (Go) Mar 18, 2026
xclow3n Credited to xclow3n
gosaml2 CBC Padding Panic — Unauthenticated Process Crash High
GHSA-hwqm-qvj9-4jr2 was published for github.com/russellhaering/gosaml2 (Go) Mar 18, 2026
xclow3n Credited to xclow3n
validateSignature Loop Variable Capture Signature Bypass in goxmldsig High
GHSA-479m-364c-43vc was published for github.com/russellhaering/goxmldsig (Go) Mar 18, 2026
tomasilluminati Credited to tomasilluminati
Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS Moderate
GHSA-rf74-v2fm-23pw was published for nltk (pip) Mar 18, 2026
ZeroXJacks Credited to ZeroXJacks
mo has a XSS via inline SVG script tags in Markdown rendering Low
GHSA-vccx-p757-pv6h was published for github.com/k1LoW/mo (Go) Mar 18, 2026
yagihash Credited to yagihash
SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering High
CVE-2026-33204 was published for kelvinmo/simplejwt (Composer) Mar 18, 2026
edoardottt Credited to edoardottt
free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques High
CVE-2026-33192 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error High
CVE-2026-33191 was published for github.com/free5gc/udm (Go) Mar 18, 2026
SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass High
CVE-2026-33203 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026
mith36 Credited to mith36
SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass) Moderate
CVE-2026-33194 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026
restriction Credited to restriction
gRPC-Go has an authorization bypass via missing leading slash in :path Critical
CVE-2026-33186 was published for google.golang.org/grpc (Go) Mar 18, 2026
MariuszMaik Credited to MariuszMaik
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT High
CVE-2026-33155 was published for deepdiff (pip) Mar 18, 2026
am-periphery Credited to am-periphery
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver High
CVE-2026-33154 was published for dynaconf (pip) Mar 18, 2026
redyank Credited to redyank
HAPI FHIR HTTP authentication leak in redirects Critical
CVE-2026-33180 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 18, 2026
ElliotSilver Credited to ElliotSilver
Filament Unvalidated Range and Values summarizer values can be used for XSS High
CVE-2026-33080 was published for filament/tables (Composer) Mar 18, 2026
danharrin Credited to danharrin
free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request Moderate
CVE-2026-33065 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference High
CVE-2026-33064 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion High
CVE-2026-33063 was published for github.com/free5gc/ausf (Go) Mar 18, 2026
free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter High
CVE-2026-33062 was published for github.com/free5gc/nrf (Go) Mar 18, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database