Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,051
Maven
5,000+
npm
4,791
NuGet
825
pip
4,389
Pub
12
RubyGems
988
Rust
1,145
Swift
50
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster Moderate
CVE-2026-27120 was published for leaf-kit (Swift) Feb 19, 2026
bawolff Credited to bawolff, ptoffy, 0xTim, and gwynne ptoffy ptoffy
0xTim 0xTim gwynne gwynne
Skip the router TLS configuration when the host header is an FQDN High
CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) Feb 16, 2022
bawolff Credited to bawolff
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff Credited to bawolff
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion High
GHSA-c27r-x354-4m68 was published for xml-crypto (npm) Oct 27, 2020
bawolff Credited to bawolff
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database