Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing Moderate
CVE-2026-45064 was published for symfony/html-sanitizer (Composer) May 27, 2026
nicolas-grekas Credited to nicolas-grekas and unknownhad unknownhad unknownhad
Homograph attack allows Unicode lookalike characters to bypass validation. High
CVE-2025-27611 was published for base-x (npm) Apr 30, 2025
steveluscher Credited to steveluscher and john-s4d john-s4d john-s4d
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98... Moderate Unreviewed
CVE-2025-0996 was published Feb 15, 2025
If a domain name contained a RTL character, it would cause the domain to be rendered to the right... Moderate Unreviewed
CVE-2021-4221 was published Dec 22, 2022
An issue was discovered in the character definitions of the Unicode Specification through 14.0.... Critical Unreviewed
CVE-2021-42694 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database