GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
126,194 advisories
LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
High | CVE-2026-45617 was published for liquidjs (npm) | May 27, 2026

Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend
High | CVE-2026-45368 was published for getkirby/cms (Composer) | May 27, 2026

LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
High | CVE-2026-45357 was published for liquidjs (npm) | May 27, 2026

Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
High | CVE-2026-45260 was published for pimcore/pimcore (Composer) | May 27, 2026

Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
High | CVE-2026-45162 was published for pimcore/pimcore (Composer) | May 27, 2026

Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
High | CVE-2026-45063 was published for symfony/security-http (Composer) | May 27, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-49046 was published | May 27, 2026

Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers...
High | Unreviewed | CVE-2026-6957 was published | May 27, 2026

Agent Zero before version 1.15 contains a path traversal vulnerability that allows...
High | Unreviewed | CVE-2026-47118 was published | May 27, 2026

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote...
High | Unreviewed | CVE-2026-48545 was published | May 27, 2026

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the...
High | Unreviewed | CVE-2026-48544 was published | May 27, 2026

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64`...
High | Unreviewed | CVE-2026-48920 was published | May 27, 2026

Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file...
High | Unreviewed | CVE-2026-48922 was published | May 27, 2026

Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit...
High | Unreviewed | CVE-2026-48921 was published | May 27, 2026

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed...
High | Unreviewed | CVE-2026-8180 was published | May 27, 2026

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default...
High | Unreviewed | CVE-2026-7365 was published | May 27, 2026

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource...
High | Unreviewed | CVE-2026-7528 was published | May 27, 2026

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed...
High | Unreviewed | CVE-2026-8179 was published | May 27, 2026

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote...
High | Unreviewed | CVE-2026-37711 was published | May 27, 2026

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate...
High | Unreviewed | CVE-2026-31266 was published | May 27, 2026

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras:...
High | Unreviewed | CVE-2025-70103 was published | May 27, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2026-48972 was published | May 27, 2026

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a...
High | Unreviewed | CVE-2026-5065 was published | May 27, 2026

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker...
High | Unreviewed | CVE-2026-3623 was published | May 27, 2026

IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0...
High | Unreviewed | CVE-2026-3366 was published | May 27, 2026

ProTip! Advisories are also available from the GraphQL API.