
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction (Severity: Moderate)
CVE-2026-24846 was published for github.com/chainguard-dev/malcontent (Go) on Jan 29, 2026
Credited to 1seal, egibs, antitree, stevebeattie, and eslerm
malcontent OCI image pull credential exfiltration via malicious registry token realm (Severity: Moderate)
CVE-2026-24845 was published for github.com/chainguard-dev/malcontent (Go) on Jan 29, 2026
Credited to 1seal, egibs, antitree, stevebeattie, and eslerm
melange's world-writable permissions expose SBOM files to potential image tampering (Severity: Moderate)
CVE-2025-54059 was published for chainguard.dev/melange (Go) on Jul 18, 2025
Credited to markusboehme, egibs, codyharris-h2o-ai, stevebeattie, and eslerm
Mattermost Incorrect Authorization vulnerability (Severity: Low)
CVE-2025-22449 was published for github.com/mattermost/mattermost/server/v8 (Go) on Jan 9, 2025
Credited to stevebeattie