GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 70
  GitHub Actions: 52
  Go: 3,904
  Maven: 5,000+
  npm: 5,000+
  NuGet: 967
  pip: 5,000+
  Pub: 13
  RubyGems: 1,062
  Rust: 1,374
  Swift: 54

Unreviewed advisories
  All unreviewed: 5,000+
30,393 advisories
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase,...
Critical | Unreviewed | CVE-2026-9739 was published May 28, 2026

Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
Critical | CVE-2026-46621 was published for org.yamcs:yamcs-core (Maven) May 27, 2026

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical | CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) May 27, 2026

Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP...
Critical | Unreviewed | CVE-2026-8364 was published May 27, 2026

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long...
Critical | Unreviewed | CVE-2026-8363 was published May 27, 2026

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long...
Critical | Unreviewed | CVE-2026-8362 was published May 27, 2026

Langroid has Prompt to SQL Injection, Leading to RCE
Critical | CVE-2026-25879 was published for langroid (pip) May 27, 2026

LiquidJS is Vulnerable to Remote Code Execution
Critical | CVE-2026-45618 was published for liquidjs (npm) May 27, 2026

Webmin before 2.640 does not safely construct a filename for saving of an attachment within the...
Critical | Unreviewed | CVE-2026-49103 was published May 27, 2026

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation...
Critical | Unreviewed | CVE-2026-7524 was published May 27, 2026

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed...
Critical | Unreviewed | CVE-2026-8175 was published May 27, 2026

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can...
Critical | Unreviewed | CVE-2026-35087 was published May 27, 2026

In Slican telephone exchanges it is possible to manage the control panel remotely. An...
Critical | Unreviewed | CVE-2026-35090 was published May 27, 2026

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the...
Critical | Unreviewed | CVE-2026-48906 was published May 27, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-42740 was published May 27, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-42747 was published May 27, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo...
Critical | Unreviewed | CVE-2026-42748 was published May 27, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-42755 was published May 27, 2026

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar...
Critical | Unreviewed | CVE-2026-42758 was published May 27, 2026

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2026-42757 was published May 27, 2026

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2026-42756 was published May 27, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-42761 was published May 27, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-42727 was published May 27, 2026

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange...
Critical | Unreviewed | CVE-2026-42731 was published May 27, 2026

Access control failure means that an application does not effectively check user access...
Critical | Unreviewed | CVE-2026-49002 was published May 27, 2026
ProTip! Advisories are also available from the GraphQL API