Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,867
Maven
5,000+
npm
4,488
NuGet
780
pip
4,244
Pub
12
RubyGems
975
Rust
1,096
Swift
49
Unreviewed advisories
All unreviewed
5,000+

25,585 advisories

Loading
Argo Workflows affected by stored XSS in the artifact directory listing High
CVE-2026-23960 was published for github.com/argoproj/argo-workflows (Go) Jan 21, 2026
Masamuneee
Credited to Masamuneee
Seroval affected by Denial of Service via Array serialization High
CVE-2026-23957 was published for seroval (npm) Jan 21, 2026
tweidinger lxsmnsyc
Credited to tweidinger and lxsmnsyc
seroval affected by Denial of Service via RegExp serialization High
CVE-2026-23956 was published for seroval (npm) Jan 21, 2026
tweidinger lxsmnsyc
Credited to tweidinger and lxsmnsyc
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization Moderate
CVE-2026-23946 was published for tendenci (pip) Jan 21, 2026
nedlir
Credited to nedlir
@envelop/graphql-modules has a Race Condition vulnerability High
GHSA-h3hw-29fv-2x75 was published for @envelop/graphql-modules (npm) Jan 21, 2026
DuckThom enisdenjo
ardatan
Credited to DuckThom, enisdenjo, and ardatan
go-tuf improperly validates the configured threshold for delegations Moderate
CVE-2026-23992 was published for github.com/theupdateframework/go-tuf/v2 (Go) Jan 21, 2026
1seal kommendorkapten
rdimitrov
Credited to 1seal, kommendorkapten, and rdimitrov
go-tuf affected by client DoS via malformed server response Moderate
CVE-2026-23991 was published for github.com/theupdateframework/go-tuf/v2 (Go) Jan 21, 2026
1seal kommendorkapten
rdimitrov
Credited to 1seal, kommendorkapten, and rdimitrov
sm-crypto Affected by Signature Forgery in SM2-DSA High
CVE-2026-23965 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam
Credited to XlabAITeam
sm-crypto Affected by Signature Malleability in SM2-DSA High
CVE-2026-23967 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam
Credited to XlabAITeam
sm-crypto Affected by Private Key Recovery in SM2-PKE Critical
CVE-2026-23966 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam
Credited to XlabAITeam
CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier Moderate
CVE-2026-23959 was published for coreshop/core-shop (Composer) Jan 21, 2026
bypazs PlyNatwara
Credited to bypazs and PlyNatwara
vLLM affected by RCE via auto_map dynamic module loading during model initialization High
CVE-2026-22807 was published for vllm (pip) Jan 21, 2026
zaddy6 arthurgervais
DarkLight1337 russellb
Credited to zaddy6, arthurgervais, DarkLight1337, and russellb
mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport Moderate
CVE-2026-0895 was published for cpsit/typo3-mailqueue (Composer) Jan 21, 2026
eliashaeussler
Credited to eliashaeussler
seroval Affected by Remote Code Execution via JSON Deserialization High
CVE-2026-23737 was published for seroval (npm) Jan 21, 2026
GabbeV tweidinger
lxsmnsyc
Credited to GabbeV, tweidinger, and lxsmnsyc
seroval Affected by Prototype Pollution via JSON Deserialization High
CVE-2026-23736 was published for seroval (npm) Jan 21, 2026
lxsmnsyc tweidinger
Credited to lxsmnsyc and tweidinger
Laravel Redis Horizontal Scaling Insecure Deserialization Critical
CVE-2026-23524 was published for laravel/reverb (Composer) Jan 21, 2026
m0h4mmad
Credited to m0h4mmad
Keycloak Admin REST API exposes backend schema and rules Low
CVE-2025-14083 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin High
CVE-2026-22022 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Apache Solr: Insufficient file-access checking in standalone core-creation requests High
CVE-2026-22444 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
Keycloak services allows the issuance of access and refresh tokens for disabled users Moderate
CVE-2025-14559 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
Keycloak does not validate and update refresh token usage atomically Low
CVE-2026-1035 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load Moderate
CVE-2026-23952 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas
Credited to OwenSanzas
ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML Moderate
GHSA-qp59-x883-77qv was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
Keryer
Credited to Keryer
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS High
CVE-2026-23950 was published for tar (npm) Jan 21, 2026
tomasilluminati
Credited to tomasilluminati
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript Moderate
CVE-2026-23874 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas
Credited to OwenSanzas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database