Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape High
CVE-2026-44705 was published for tmp (npm) May 27, 2026
Gyde04 Credited to Gyde04 and MaanVader MaanVader MaanVader
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options High
CVE-2026-33941 was published for handlebars (npm) Mar 27, 2026
Gyde04 Credited to Gyde04
glob CLI: Command injection via -c/--cmd executes matches with shell:true High
CVE-2025-64756 was published for glob (npm) Nov 17, 2025
Gyde04 Credited to Gyde04, aisle-research, G-Rath, bchew, qwilr-altonius, llwslc, EinfachHans, skremiec, AlanGreene, and isaacs aisle-research aisle-research
G-Rath G-Rath bchew bchew qwilr-altonius qwilr-altonius llwslc llwslc EinfachHans EinfachHans skremiec skremiec AlanGreene AlanGreene isaacs isaacs
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database