GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
335,515 advisories
llm CLI tool contains a code injection vulnerability via `--functions` command-line argument
Critical
CVE-2026-31236 was published for llm (pip) May 12, 2026
Ludwig framework is vulnerable to insecure deserialization through its predict() method.
Critical
CVE-2026-31237 was published for ludwig (pip) May 12, 2026
Ludwig framework is vulnerable to insecure deserialization in its model serving component
Critical
CVE-2026-31238 was published for ludwig (pip) May 12, 2026
mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub
Critical
CVE-2026-31239 was published for mamba-ssm (pip) May 12, 2026
Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism
Critical
CVE-2026-31233 was published for guardrails-ai (pip) May 12, 2026
Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component
Critical
CVE-2026-31234 was published for horovod (pip) May 12, 2026
AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
Moderate
CVE-2026-45309 was published for asyncssh (pip) May 27, 2026
Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
Low
CVE-2026-45305 was published for symfony/symfony (Composer) May 27, 2026
Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
Low
CVE-2026-45304 was published for symfony/symfony (Composer) May 27, 2026
Symfony hardened the parser when handling untrusted input
Low
CVE-2026-45133 was published for symfony/symfony (Composer) May 27, 2026
Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
High
CVE-2026-45332 was published for automad/automad (Composer) May 27, 2026
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote...
High
Unreviewed
CVE-2026-38427 was published May 27, 2026
A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of...
Moderate
Unreviewed
CVE-2026-38931 was published May 27, 2026
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file...
High
Unreviewed
CVE-2026-48922 was published May 27, 2026
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote...
High
Unreviewed
CVE-2026-37711 was published May 27, 2026
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate...
High
Unreviewed
CVE-2026-31266 was published May 27, 2026
Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras:...
High
Unreviewed
CVE-2025-70103 was published May 27, 2026
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker...
High
Unreviewed
CVE-2026-38426 was published May 27, 2026
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of...
Moderate
Unreviewed
CVE-2026-30498 was published May 27, 2026
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets...
Critical
Unreviewed
CVE-2026-42496 was published May 26, 2026
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android...
Low
Unreviewed
CVE-2025-68710 was published May 26, 2026
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator...
High
Unreviewed
CVE-2026-42782 was published May 26, 2026
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with...
Critical
Unreviewed
CVE-2026-8376 was published May 26, 2026
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with...
Low
Unreviewed
CVE-2025-68708 was published May 26, 2026
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android...
Low
Unreviewed
CVE-2025-68711 was published May 26, 2026
ProTip! Advisories are also available from the GraphQL API