GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
30,395 advisories
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential...
Critical
Unreviewed
CVE-2026-9139
was published
May 20, 2026
A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController...
Critical
Unreviewed
CVE-2026-9129
was published
May 20, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For...
Critical
Unreviewed
CVE-2026-45444
was published
May 20, 2026
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass...
Critical
Unreviewed
CVE-2026-9141
was published
May 20, 2026
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to...
Critical
Unreviewed
CVE-2026-9102
was published
May 20, 2026
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue...
Critical
Unreviewed
CVE-2026-8495
was published
May 20, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2023-5806
was published
Jan 18, 2024
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal...
Critical
Unreviewed
CVE-2023-5636
was published
Dec 1, 2023
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras....
Critical
Unreviewed
CVE-2026-8598
was published
May 20, 2026
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload...
Critical
Unreviewed
CVE-2026-20223
was published
May 20, 2026
The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5)...
Critical
Unreviewed
CVE-2026-31072
was published
May 19, 2026
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin...
Critical
Unreviewed
CVE-2026-37281
was published
May 19, 2026
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering
The CXF and...
Critical
Unreviewed
CVE-2026-47323
was published
May 19, 2026
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Fix...
Critical
Unreviewed
CVE-2026-43493
was published
May 19, 2026
OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input
Critical
CVE-2026-42074
was published
for
openclaude
(npm)
May 12, 2026
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the...
Critical
Unreviewed
CVE-2026-30118
was published
May 19, 2026
API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication...
Critical
Unreviewed
CVE-2026-31071
was published
May 19, 2026
The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote...
Critical
Unreviewed
CVE-2026-31070
was published
May 19, 2026
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the...
Critical
Unreviewed
CVE-2026-47357
was published
May 19, 2026
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL...
Critical
Unreviewed
CVE-2026-47358
was published
May 19, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2023-6145
was published
Dec 21, 2023
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the...
Critical
Unreviewed
CVE-2026-30117
was published
May 19, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2023-5807
was published
Oct 27, 2023
Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service)
Critical
CVE-2026-46421
was published
for
@cap-js/db-service
(npm)
May 20, 2026
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical
Unreviewed
CVE-2023-6437
was published
Mar 28, 2024