
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5 advisories

Moderate severity vulnerability that affects rails
Severity: Moderate
CVE-2007-5379 was published for rails (RubyGems) Oct 24, 2017
Credited to katzj
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Severity: High
CVE-2023-46234 was published for browserify-sign (npm) Oct 26, 2023
Credited to roadicing, ljharb, and katzj
Predictable results in nanoid generation when given non-integer values
Severity: Moderate
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
Credited to krassowski, katzj, and CrzyHAX91
Bokeh server applications have Incomplete Origin Validation in WebSockets
Severity: Moderate
CVE-2026-21883 was published for bokeh (pip) Jan 6, 2026
Credited to katzj and aydinnyunus
brace-expansion: Zero-step sequence causes process hang and memory exhaustion
Severity: Moderate
CVE-2026-33750 was published for brace-expansion (npm) Mar 26, 2026
Credited to subhashdasyam, katzj, and navgarcha