Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username Moderate
CVE-2026-45309 was published for asyncssh (pip) May 27, 2026
0xHunSec Credited to 0xHunSec
Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance Moderate
CVE-2026-46715 was published for Flask-Security-Too (pip) May 22, 2026
0xHunSec Credited to 0xHunSec
Mako: Path traversal via double-slash URI prefix in TemplateLookup High
CVE-2026-41205 was published for Mako (pip) Apr 16, 2026
0xHunSec Credited to 0xHunSec and augustocesarperin augustocesarperin augustocesarperin
Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup High
CVE-2026-44307 was published for Mako (pip) May 6, 2026
0xHunSec Credited to 0xHunSec
python-liquid: Absolute paths escape filesystem loader search path High
CVE-2026-45017 was published for python-liquid (pip) May 11, 2026
0xHunSec Credited to 0xHunSec
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database