GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,395 advisories
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This...
Critical
Unreviewed
CVE-2026-9256
was published
May 26, 2026
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows...
Critical
Unreviewed
CVE-2026-8670
was published
May 26, 2026
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to...
Critical
Unreviewed
CVE-2026-40411
was published
May 26, 2026
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's...
Critical
Unreviewed
CVE-2026-48700
was published
May 26, 2026
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache...
Critical
Unreviewed
CVE-2026-44930
was published
May 26, 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
Critical
CVE-2026-46716
was published
for
github.com/nezhahq/nezha
(Go)
May 23, 2026
FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory
Critical
GHSA-qqqm-5547-774x
was published
for
github.com/gtsteffaniak/filebrowser/backend
(Go)
May 22, 2026
YesWiki: Unauthenticated SQL Injection
Critical
CVE-2026-46670
was published
for
yeswiki/yeswiki
(Composer)
May 22, 2026
Apache Camel has an incomplete fix for CVE-2025-27636
Critical
CVE-2026-40453
was published
for
org.apache.camel:camel-coap
(Maven)
Apr 27, 2026
Reliance on Cookies without Validation and Integrity Checking in a Security Decision...
Critical
Unreviewed
CVE-2023-3050
was published
Jun 13, 2023
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size...
Critical
Unreviewed
CVE-2026-9054
was published
May 22, 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found...
Critical
Unreviewed
CVE-2026-34909
was published
May 22, 2026
A malicious actor with access to the network could exploit an Improper Access Control...
Critical
Unreviewed
CVE-2026-34908
was published
May 22, 2026
A malicious actor with access to the network could exploit an Improper Input Validation...
Critical
Unreviewed
CVE-2026-34910
was published
May 22, 2026
A malicious actor with access to the network and high privileges could exploit an Improper Input...
Critical
Unreviewed
CVE-2026-33000
was published
May 22, 2026
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
Critical
Unreviewed
CVE-2026-6960
was published
May 22, 2026
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
Critical
CVE-2026-46703
was published
for
@boxlite-ai/boxlite
(Go)
May 21, 2026
BoxLite: Permission Bypass Allows Modification of Read-Only Files
Critical
CVE-2026-46695
was published
for
@boxlite-ai/boxlite
(Go)
May 21, 2026
A potential security vulnerability has been identified in the HP Linux Imaging and Printing...
Critical
Unreviewed
CVE-2026-8631
was published
May 20, 2026
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass...
Critical
Unreviewed
CVE-2026-48207
was published
May 21, 2026
In the Linux kernel, the following vulnerability has been resolved:
libceph: prevent potential...
Critical
Unreviewed
CVE-2026-43406
was published
May 8, 2026
In the Linux kernel, the following vulnerability has been resolved:
libceph: Fix potential out...
Critical
Unreviewed
CVE-2026-43407
was published
May 8, 2026
In the Linux kernel, the following vulnerability has been resolved:
kthread: consolidate kthread...
Critical
Unreviewed
CVE-2026-43402
was published
May 8, 2026
Twig: PHP code injection via `{% use %}` template name
Critical
CVE-2026-46633
was published
for
twig/twig
(Composer)
May 21, 2026
@hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators
Critical
GHSA-q2f7-m237-v562
was published
for
@hulumi/policies
(npm)
May 21, 2026
ProTip! Advisories are also available from the GraphQL API