GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
53 advisories
Handlebars.js has JavaScript Injection via AST Type Confusion
Critical • CVE-2026-33937 was published for handlebars (npm) Mar 27, 2026

JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149...
Critical • Unreviewed • CVE-2026-4702 was published Mar 24, 2026

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox <...
Critical • Unreviewed • CVE-2026-4698 was published Mar 24, 2026

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox <...
Critical • Unreviewed • CVE-2026-2796 was published Feb 24, 2026

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized...
Critical • Unreviewed • CVE-2026-24874 was published Jan 27, 2026

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT...
Critical • Unreviewed • CVE-2025-65570 was published Dec 29, 2025

Permission control vulnerability in the memory management module. Impact: Successful exploitation...
Critical • Unreviewed • CVE-2025-64314 was published Nov 28, 2025

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr&...
Critical • Unreviewed • CVE-2025-47151 was published Nov 5, 2025

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau...
Critical • Unreviewed • CVE-2025-26496 was published Aug 22, 2025

A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit...
Critical • Unreviewed • CVE-2024-24421 was published Jan 22, 2025

In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to...
Critical • Unreviewed • CVE-2018-9471 was published Nov 20, 2024

Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability
Critical • GHSA-8rxm-6783-qh55 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 • withdrawn

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an...
Critical • Unreviewed • CVE-2024-8385 was published Sep 3, 2024

A potentially exploitable type confusion could be triggered when looking up a property name on an...
Critical • Unreviewed • CVE-2024-8381 was published Sep 3, 2024

In venc, there is a possible out of bounds write due to type confusion. This could lead to local...
Critical • Unreviewed • CVE-2024-20078 was published Jul 1, 2024

libxmljs vulnerable to type confusion when parsing specially crafted XML
Critical • CVE-2024-34391 was published for libxmljs (npm) May 2, 2024

libxmljs2 type confusion vulnerability when parsing specially crafted XML
Critical • CVE-2024-34393 was published for libxmljs2 (npm) May 2, 2024

libxmljs vulnerable to type confusion when parsing specially crafted XML
Critical • CVE-2024-34392 was published for libxmljs (npm) May 2, 2024

libxmljs2 vulnerable to type confusion when parsing specially crafted XML
Critical • CVE-2024-34394 was published for libxmljs2 (npm) May 2, 2024

In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in ...
Critical • Unreviewed • CVE-2023-43154 was published Sep 27, 2023

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x...
Critical • Unreviewed • CVE-2023-42464 was published Sep 20, 2023

In multiple locations, there is a possible code execution due to type confusion. This could lead...
Critical • Unreviewed • CVE-2023-21287 was published Aug 15, 2023

coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content...
Critical • Unreviewed • CVE-2023-38199 was published Jul 13, 2023

Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions....
Critical • Unreviewed • CVE-2022-48511 was published Jul 6, 2023

An error in Hermes' algorithm for copying objects properties prior to commit...
Critical • Unreviewed • CVE-2023-23557 was published May 19, 2023