GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
30,399 advisories
zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
Critical | CVE-2026-45568 was published for zrok (pip) | May 19, 2026

HAXcms: Private Key Disclosure via Broken HMAC Implementation
Critical | CVE-2026-46395 was published for @haxtheweb/haxcms-nodejs (npm) | May 19, 2026

Algernon: handler.lua discovery walks parent directories above the server root
Critical | CVE-2026-45721 was published for github.com/xyproto/algernon (Go) | May 19, 2026

Malware in @opensearch-project/opensearch
Critical | GHSA-27f5-xjrr-q9ff was published for @opensearch-project/opensearch (npm) | May 19, 2026

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix...
Critical | Unreviewed | CVE-2026-43493 was published | May 19, 2026

The extension passes an attacker-controlled cookie directly to PHP's unserialize() without safely...
Critical | Unreviewed | CVE-2026-46725 was published | May 19, 2026

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache...
Critical | Unreviewed | CVE-2026-31986 was published | May 19, 2026

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')...
Critical | Unreviewed | CVE-2026-41919 was published | May 19, 2026

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in...
Critical | Unreviewed | CVE-2026-2611 was published | May 19, 2026

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload...
Critical | Unreviewed | CVE-2026-4885 was published | May 19, 2026

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame...
Critical | Unreviewed | CVE-2026-8836 was published | May 18, 2026

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows...
Critical | Unreviewed | CVE-2023-24215 was published | May 18, 2026

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2026-42822 was published | May 18, 2026

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB...
Critical | Unreviewed | CVE-2026-45829 was published | May 18, 2026

Malicious dropper in mistralai 2.4.6 PyPI package
Critical | GHSA-wx9m-wx4f-4cmg was published for mistralai (pip) | May 18, 2026

Formie: Pre-authenticated server-side template injection in Hidden fields
Critical | CVE-2026-45697 was published for verbb/formie (Composer) | May 18, 2026

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated...
Critical | Unreviewed | CVE-2026-41948 was published | May 18, 2026

Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows...
Critical | Unreviewed | CVE-2026-41947 was published | May 18, 2026

Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs
Critical | CVE-2026-45625 was published for github.com/getarcaneapp/arcane/backend (Go) | May 18, 2026

Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain...
Critical | Unreviewed | CVE-2026-4320 was published | May 18, 2026

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and...
Critical | Unreviewed | CVE-2026-7301 was published | May 18, 2026

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal...
Critical | Unreviewed | CVE-2026-7302 was published | May 18, 2026

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when...
Critical | Unreviewed | CVE-2026-7304 was published | May 18, 2026

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws. When...
Critical | Unreviewed | CVE-2026-8507 was published | May 17, 2026

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. ...
Critical | Unreviewed | CVE-2026-8721 was published | May 17, 2026

ProTip! Advisories are also available from the GraphQL API