GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22 advisories

Incus has a Nil-Pointer Dereference Panic via Instance Backup Import (volume omitted) Moderate
CVE-2026-47753 was published for github.com/lxc/incus/v7 (Go) Jun 10, 2026
Credited to tonghuaroot and stgraber
Incus is affected by unbounded binary import disk exhaustion Moderate
CVE-2026-41685 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to stamparm and stgraber
Incus has Nil Dereferences on Restore via Malformed YAML Moderate
CVE-2026-41684 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to raefko, Ectario, and stgraber
Incus has Unbounded YAML Metadata Decode via Parsing Moderate
CVE-2026-41648 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to raefko, Ectario, and stgraber
Incus has Nil-Pointer Dereference via S3 Bucket Import Moderate
CVE-2026-41647 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to raefko, Ectario, and stgraber
Incus Vulnerable to Panic via Snapshot Bounds Check High
CVE-2026-40251 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to stamparm and stgraber
Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots Low
CVE-2026-40243 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to stamparm and stgraber
Incus has a Nil-Pointer Dereference via Custom Volume Import High
CVE-2026-40197 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to stamparm and stgraber
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata High
CVE-2026-40195 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to stamparm and stgraber
Incus has Blind SSRF via Image Import Preflight HEAD Moderate
CVE-2026-35527 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to stamparm and stgraber
Incus has an arbitrary file write through its systemd-creds options Critical
CVE-2026-33945 was published for github.com/lxc/incus/v6 (Go) Mar 27, 2026
Credited to stgraber, grmpyninja, and stamparm
Local Incus UI web server vulnerable to authentication bypass High
CVE-2026-33898 was published for github.com/lxc/incus/v6/cmd/incus (Go) Mar 27, 2026
Credited to grmpyninja and stgraber
Incus vulnerable to arbitrary file read and write through pongo templates Critical
CVE-2026-33897 was published for github.com/lxc/incus (Go) Mar 27, 2026
Credited to grmpyninja and stgraber
Incus vulnerable to denial of service through crafted bucket backup file Moderate
CVE-2026-33743 was published for github.com/lxc/incus (Go) Mar 27, 2026
Credited to stamparm and stgraber
Incus vulnerable to local privilege escalation through VM screenshot path Moderate
CVE-2026-33711 was published for github.com/lxc/incus/v6 (Go) Mar 27, 2026
Credited to stamparm and stgraber
Incus does not verify combined fingerprint when downloading images from simplestreams servers High
CVE-2026-33542 was published for github.com/lxc/incus/v6/client (Go) Mar 27, 2026
Credited to wl2018 and stgraber
Incus container image templating arbitrary host file read and write High
CVE-2026-23954 was published for github.com/lxc/incus/v6/cmd/incusd (Go) Jan 22, 2026
Credited to rmcnamara-snyk and stgraber
Incus container environment configuration newline injection High
CVE-2026-23953 was published for github.com/lxc/incus/v6 (Go) Jan 22, 2026
Credited to rmcnamara-snyk and stgraber
LXD vulnerable to a local privilege escalation through custom storage volumes High
GHSA-3g2j-vm47-x4mj was published for github.com/canonical/lxd (Go) Nov 13, 2025
Credited to abdodz1234 and stgraber
Incus vulnerable to local privilege escalation through custom storage volumes High
CVE-2025-64507 was published for github.com/lxc/incus/v6 (Go) Nov 13, 2025
Credited to abdodz1234, stgraber, and hallyn
Incus creates nftables rules that partially bypass security options High
CVE-2025-52890 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
Credited to obalpetre-anssi and stgraber
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks Low
CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
Credited to obalpetre-anssi and stgraber