Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
74
GitHub Actions
53
Go
4,047
Maven
5,000+
npm
5,000+
NuGet
978
pip
5,000+
Pub
13
RubyGems
1,071
Rust
1,405
Swift
61
Unreviewed advisories
All unreviewed
5,000+

2 advisories

Loading
GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands High
CVE-2026-48501 was published for github.com/cli/cli/v2 (Go) May 29, 2026
BagToad Credited to BagToad, kommendorkapten, babakks, and nophlyzone kommendorkapten kommendorkapten
babakks babakks nophlyzone nophlyzone
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server Moderate
CVE-2025-48938 was published for github.com/cli/go-gh/v2 (Go) May 30, 2025
andyfeller Credited to andyfeller, williammartin, BagToad, babakks, matt-, shilpakum, and vcsjones williammartin williammartin
BagToad BagToad babakks babakks matt- matt- shilpakum shilpakum vcsjones vcsjones
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database