Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
48
GitHub Actions
48
Go
3,391
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,614
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
sigstore has insufficient validation of integration timestamp during verification Low
CVE-2024-55655 was published for sigstore (pip) Dec 11, 2024
woodruffw Credited to woodruffw and Hayden-IO Hayden-IO Hayden-IO
uv has differential in tar extraction with PAX headers Low
GHSA-w476-p2h3-79g9 was published for uv (pip) Oct 21, 2025
woodruffw Credited to woodruffw and zanieb zanieb zanieb
cryptography has incomplete DNS name constraint enforcement on peer names Low
CVE-2026-34073 was published for cryptography (pip) Mar 27, 2026
1seal Credited to 1seal and woodruffw woodruffw woodruffw
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database