GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
30,395 advisories
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For...
Critical | Unreviewed | CVE-2026-45444 was published May 20, 2026

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to...
Critical | Unreviewed | CVE-2026-9102 was published May 20, 2026

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload...
Critical | Unreviewed | CVE-2026-20223 was published May 20, 2026

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras....
Critical | Unreviewed | CVE-2026-8598 was published May 20, 2026

Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)
Critical | CVE-2026-46421 was published for @cap-js/db-service (npm) May 20, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client...
Critical | Unreviewed | CVE-2026-22314 was published May 20, 2026

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC...
Critical | Unreviewed | CVE-2026-33278 was published May 20, 2026

SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple...
Critical | Unreviewed | CVE-2026-9065 was published May 20, 2026

NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the ...
Critical | Unreviewed | CVE-2026-9059 was published May 20, 2026

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and...
Critical | Unreviewed | CVE-2026-7637 was published May 20, 2026

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an...
Critical | Unreviewed | CVE-2026-24207 was published May 20, 2026

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable...
Critical | Unreviewed | CVE-2026-7284 was published May 20, 2026

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions...
Critical | Unreviewed | CVE-2026-6555 was published May 20, 2026

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue...
Critical | Unreviewed | CVE-2026-8495 was published May 20, 2026

Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm
Critical | CVE-2026-46412 was published for @beproduct/nestjs-auth (npm) May 19, 2026

Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Critical | CVE-2026-46354 was published for github.com/coder/coder (Go) May 19, 2026

MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path
Critical | GHSA-g53w-w6mj-hrpp was published for github.com/Kuadrant/mcp-gateway (Go) May 19, 2026

9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Critical | CVE-2026-46339 was published for 9router (npm) May 19, 2026

Kopia: RCE via SSH ProxyCommand Injection
Critical | CVE-2026-45695 was published for github.com/kopia/kopia (Go) May 19, 2026

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail...
Critical | Unreviewed | CVE-2026-47107 was published May 19, 2026

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up...
Critical | Unreviewed | CVE-2026-36829 was published May 19, 2026

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the...
Critical | Unreviewed | CVE-2026-47357 was published May 19, 2026

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL...
Critical | Unreviewed | CVE-2026-47358 was published May 19, 2026

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin...
Critical | Unreviewed | CVE-2026-37281 was published May 19, 2026

scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the...
Critical | Unreviewed | CVE-2026-30118 was published May 19, 2026
ProTip! Advisories are also available from the GraphQL API.