Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
Memory Exhaustion in Expr Parser with Unrestricted Input High
CVE-2025-29786 was published for github.com/expr-lang/expr (Go) Mar 17, 2025
thevilledev
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR Critical
CVE-2025-32445 was published for github.com/argoproj/argo-events (Go) Apr 14, 2025
thevilledev
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database