GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
10,616 advisories
Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
High | CVE-2026-45332 was published for automad/automad (Composer) | May 27, 2026
IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection...
Moderate | Unreviewed | CVE-2026-8405 was published | May 27, 2026
@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects
Moderate | CVE-2026-44979 was published for @hapi/wreck (npm) | May 27, 2026
A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive...
Low | Unreviewed | CVE-2026-9583 was published | May 26, 2026
NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could...
Moderate | Unreviewed | CVE-2026-24198 was published | May 26, 2026
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects...
Moderate | Unreviewed | CVE-2026-9352 was published | May 26, 2026
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the...
Moderate | Unreviewed | CVE-2026-9349 was published | May 26, 2026
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14...
Moderate | Unreviewed | CVE-2026-3636 was published | May 26, 2026
Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Moderate | CVE-2026-47124 was published for github.com/nezhahq/nezha (Go) | May 23, 2026
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model
Moderate | CVE-2026-47165 was published for Magick.NET-Q16-AnyCPU (NuGet) | May 22, 2026
The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-7636 was published | May 22, 2026
There is an information disclosure vulnerability in ZTE MU5250. Due to improper configuration...
Moderate | Unreviewed | CVE-2026-44409 was published | May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing...
Moderate | Unreviewed | CVE-2026-6826 was published | May 21, 2026
@sveltejs/kit: `query.batch` cross-talk
Moderate | GHSA-hgv7-v322-mmgr was published for @sveltejs/kit (npm) | May 21, 2026
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or...
Low | Unreviewed | CVE-2025-31985 was published | May 20, 2026
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Moderate | Unreviewed | CVE-2026-6728 was published | May 20, 2026
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via ...
Moderate | Unreviewed | CVE-2026-5075 was published | May 20, 2026
FileBrowser Quantum: unauthenticated user share share info
High | CVE-2026-46410 was published for github.com/gtsteffaniak/filebrowser (Go) | May 19, 2026
Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation
Moderate | GHSA-m23h-6mwm-39m8 was published for github.com/kong/kubernetes-ingress-controller (Go) | May 19, 2026
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another...
Moderate | Unreviewed | CVE-2026-8706 was published | May 19, 2026
GitHub Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
High | CVE-2026-45793 was published for composer/composer (Composer) | May 19, 2026
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Low | CVE-2026-45739 was published for strawberry-graphql (pip) | May 19, 2026
Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
Moderate | CVE-2026-45737 was published for github.com/argoproj/argo-cd/v3 (Go) | May 19, 2026
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox...
High | Unreviewed | CVE-2026-8967 was published | May 19, 2026
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151.
High | Unreviewed | CVE-2026-8966 was published | May 19, 2026