GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

15,176 advisories

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark()...
Low • Unreviewed • CVE-2026-56364 was published Jul 1, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information...
Low • Unreviewed • CVE-2026-9836 was published Jun 30, 2026

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when...
Low • Unreviewed • CVE-2026-11979 was published Jun 29, 2026

Duplicate Advisory: Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles
Low • GHSA-9p6c-jcw8-x98f was published for openbabel (pip) Sep 26, 2025 • withdrawn

Open Babel has out-of-bounds write (overlapping memcpy) in zipstream basic_unzip_streambuf::underflow
Low • CVE-2025-10995 was published for openbabel (pip) Jun 30, 2026

Duplicate Advisory: Open Babel has out-of-bounds write (overlapping memcpy) in zipstream basic_unzip_streambuf::underflow
Low • GHSA-5gfq-xrq4-34rj was published for openbabel (pip) Sep 26, 2025 • withdrawn

Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
Low • CVE-2026-44242 was published for io.micronaut:micronaut-inject (Maven) May 6, 2026

Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule
Low • CVE-2025-10994 was published for openbabel (pip) Jun 30, 2026

Duplicate Advisory: Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule
Low • GHSA-5fgf-q57f-wwqf was published for openbabel (pip) Sep 26, 2025 • withdrawn

Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence
Low • CVE-2026-3408 was published for openbabel (pip) Jun 30, 2026

Duplicate Advisory: Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence
Low • GHSA-fg6r-xgp8-x64r was published for openbabel (pip) Mar 2, 2026 • withdrawn

Open Babel has NULL pointer dereference in MOL2 OBAtom::SetFormalCharge
Low • CVE-2026-2705 was published for openbabel (pip) Jun 30, 2026

Duplicate Advisory: Open Babel has NULL pointer dereference in MOL2 OBAtom::SetFormalCharge
Low • GHSA-3f56-w4g2-mx64 was published for openbabel (pip) Feb 19, 2026 • withdrawn

Open Babel has an out-of-bounds read in CIF transform3d::DescribeAsString
Low • CVE-2026-2704 was published for openbabel (pip) Jun 30, 2026

Duplicate Advisory: Open Babel has an out-of-bounds read in CIF transform3d::DescribeAsString
Low • GHSA-2m54-8m6g-qf93 was published for openbabel (pip) Feb 19, 2026 • withdrawn

Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
Low • CVE-2026-48805 was published for twig/twig (Composer) Jun 30, 2026

In the Tarfile.extract() function, the filter parameter is not passed properly when extracting...
Low • Unreviewed • CVE-2026-4360 was published Jun 30, 2026

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with...
Low • Unreviewed • CVE-2026-58371 was published Jun 30, 2026

Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run...
Low • Unreviewed • CVE-2026-58171 was published Jun 30, 2026

Sigstore Java has a vulnerability with bundle verification of integratedTime
Low • CVE-2026-48791 was published for dev.sigstore:sigstore-java (Maven) Jun 30, 2026

TCC-TRANSACTION has an Improper Input Validation vulnerability
Low • CVE-2026-9497 was published for org.mengyun:tcc-transaction (Maven) May 26, 2026

hermes-agent has an Incorrect Comparison
Low • CVE-2026-9369 was published for hermes-agent (pip) May 26, 2026

jasypt-spring-boot Uses a One-Way Hash without a Salt
Low • CVE-2026-9370 was published for com.github.ulisesbocchio:jasypt-spring-boot (Maven) May 26, 2026

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time...
Low • Unreviewed • CVE-2026-13758 was published Jun 29, 2026

ProTip! Advisories are also available from the GraphQL API