Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,552
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,803
Pub
13
RubyGems
1,038
Rust
1,237
Swift
53
Unreviewed advisories
All unreviewed
5,000+

2 advisories

Loading
melange has a path traversal in license-path which allows reading files outside workspace Moderate
CVE-2026-25145 was published for chainguard.dev/melange (Go) Feb 4, 2026
1seal Credited to 1seal, sil2100, antitree, egibs, and eslerm sil2100 sil2100
antitree antitree egibs egibs eslerm eslerm
melange affected by potential host command execution via license-check YAML mode patch pipeline High
CVE-2026-25143 was published for chainguard.dev/melange (Go) Feb 4, 2026
1seal Credited to 1seal, egibs, sil2100, and antitree egibs egibs
sil2100 sil2100 antitree antitree
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database