Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,890
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,217
NuGet
745
pip
3,994
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2 advisories

Loading
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` Critical
GHSA-phf6-hm3h-x8qp was published for broadinstitute/cromwell (GitHub Actions) May 28, 2025
darryk10 loresuso
AlbertoPellitteri
Credited to darryk10, loresuso, and AlbertoPellitteri
Harden-Runner allows evasion of 'disable-sudo' policy Moderate
CVE-2025-32955 was published for step-security/harden-runner (GitHub Actions) Apr 22, 2025
loresuso darryk10
Credited to loresuso and darryk10
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database