Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
Hugo can execute a binary from the current directory on Windows High
CVE-2020-26284 was published for github.com/gohugoio/hugo (Go) Jun 23, 2021
Ry0taK
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer High
CVE-2024-52308 was published for github.com/cli/cli (Go) Nov 14, 2024
sarahbarili cmbrose
BlueSzy andyfeller BagToad Ry0taK
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover High
GHSA-2r2v-9pf8-6342 was published for github.com/h44z/wg-portal (Go) Jan 7, 2025
Ry0taK
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database