GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,395 advisories
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
Critical. CVE-2026-46614 was published for github.com/fission/fission (Go) on May 21, 2026.
Crabbox: environment variable exposure vulnerability
Critical. CVE-2026-8634 was published for github.com/openclaw/crabbox (Go) on May 14, 2026.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2026-39531 was published on May 21, 2026.
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a...
Critical, unreviewed. CVE-2026-48241 was published on May 21, 2026.
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host,...
Critical, unreviewed. CVE-2026-48242 was published on May 21, 2026.
Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`
Critical. CVE-2026-44990 was published for sanitize-html (npm) on May 14, 2026.
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code...
Critical, unreviewed. CVE-2023-4662 was published on Sep 15, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-4530 was published on Oct 6, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-4541 was published on Dec 29, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-3651 was published on Aug 8, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-3898 was published on Aug 8, 2023.
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz -...
Critical, unreviewed. CVE-2023-3632 was published on Aug 9, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-3717 was published on Aug 8, 2023.
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to...
Critical, unreviewed. CVE-2025-71211 was published on May 21, 2026.
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to...
Critical, unreviewed. CVE-2025-71210 was published on May 21, 2026.
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up...
Critical, unreviewed. CVE-2026-5118 was published on May 21, 2026.
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. ...
Critical, unreviewed. CVE-2026-47372 was published on May 21, 2026.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-4231 was published on Sep 15, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-4661 was published on Sep 15, 2023.
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows...
Critical, unreviewed. CVE-2023-4178 was published on Sep 5, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-4034 was published on Sep 5, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-4531 was published on Sep 5, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-3716 was published on Aug 8, 2023.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical, unreviewed. CVE-2023-4670 was published on Sep 15, 2023.
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass by Assumed-Immutable Data vulnerability in...
Critical, unreviewed. CVE-2023-4669 was published on Sep 14, 2023.
ProTip! Advisories are also available from the GraphQL API.