Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
path-to-regexp vulnerable to Denial of Service via sequential optional groups High
CVE-2026-4926 was published for path-to-regexp (npm) Mar 27, 2026
uug4na Credited to uug4na, blakeembrey, and UlisesGascon blakeembrey blakeembrey
UlisesGascon UlisesGascon
FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory High
CVE-2026-28492 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 2, 2026
uug4na Credited to uug4na and hacdias hacdias hacdias
lxml-html-clean has <base> tag injection through default Cleaner configuration Moderate
CVE-2026-28350 was published for lxml-html-clean (pip) Mar 2, 2026
uug4na Credited to uug4na, frenzymadness, and befeleme frenzymadness frenzymadness
befeleme befeleme
lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes Moderate
CVE-2026-28348 was published for lxml-html-clean (pip) Mar 2, 2026
uug4na Credited to uug4na and frenzymadness frenzymadness frenzymadness
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() High
GHSA-5c6j-r48x-rmvq was published for serialize-javascript (npm) Feb 28, 2026
uug4na Credited to uug4na and FeBe95 FeBe95 FeBe95
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database