⚠ This page is served via a proxy. Original site: https://github.com
This service does not collect credentials or authentication data.
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,800
Maven
5,000+
npm
4,426
NuGet
773
pip
4,199
Pub
12
RubyGems
968
Rust
1,086
Swift
47
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
`gh attestation verify` returns incorrect exit code during verification if no attestations are present Moderate
CVE-2025-25204 was published for github.com/cli/cli/v2 (Go) Feb 14, 2025
codysoyland phillmv
kommendorkapten jkylekelly
Credited to codysoyland, phillmv, kommendorkapten, and jkylekelly
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack Low
CVE-2024-45395 was published for github.com/sigstore/sigstore-go (Go) Sep 4, 2024
AdamKorcz codysoyland
Credited to AdamKorcz and codysoyland
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature Moderate
CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022
codysoyland asraa
haydentherapper
Credited to codysoyland, asraa, and haydentherapper
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database