GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
3,481 advisories
A flaw was found in Keycloak. An authenticated user with existing organization membership can...
Moderate | Unreviewed | CVE-2026-9791 was published May 28, 2026
Pimcore has a CustomReports Share Bypass
High | CVE-2026-45704 was published for pimcore/pimcore (Composer) May 27, 2026
Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
Moderate | CVE-2026-45703 was published for pimcore/pimcore (Composer) May 27, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7,...
Moderate | Unreviewed | CVE-2026-6713 was published May 27, 2026
Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
Moderate | CVE-2026-45075 was published for symfony/http-kernel (Composer) May 27, 2026
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station...
Low | Unreviewed | CVE-2024-47272 was published May 27, 2026
FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass
High | CVE-2026-43947 was published for fuxa-server (npm) May 26, 2026
FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue
High | CVE-2026-43946 was published for fuxa-server (npm) May 26, 2026
FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
High | CVE-2026-43945 was published for @frangoteam/fuxa (npm) May 26, 2026
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated...
Critical | Unreviewed | CVE-2026-3660 was published May 26, 2026
The affected products insufficiently verify authorization when deleting user accounts. An...
High | Unreviewed | CVE-2026-8046 was published May 26, 2026
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that...
High | Unreviewed | CVE-2018-25353 was published May 26, 2026
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in...
High | Unreviewed | CVE-2026-6406 was published May 26, 2026
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14...
Moderate | Unreviewed | CVE-2026-28735 was published May 26, 2026
Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
Moderate | CVE-2026-47120 was published for github.com/nezhahq/nezha (Go) May 23, 2026
Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
High | CVE-2026-46717 was published for github.com/nezhahq/nezha (Go) May 23, 2026
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment...
High | Unreviewed | CVE-2026-8350 was published May 21, 2026
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update...
High | Unreviewed | CVE-2026-47102 was published May 21, 2026
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to...
High | Unreviewed | CVE-2026-47101 was published May 21, 2026
Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)
Low | CVE-2026-46635 was published for twig/twig (Composer) May 21, 2026
NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
Low | CVE-2026-46549 was published for nocodb (npm) May 21, 2026
MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
High | CVE-2026-46519 was published for mcp-server-kubernetes (npm) May 21, 2026
Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against...
Moderate | Unreviewed | CVE-2026-4055 was published May 21, 2026
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin'...
Moderate | Unreviewed | CVE-2026-20238 was published May 20, 2026
Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows
Moderate | GHSA-c2c9-mfw7-p8hw was published for flowise (npm) May 20, 2026
ProTip! Advisories are also available from the GraphQL API