GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+

335,490 advisories

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR...
High | Unreviewed | CVE-2026-4424 was published on Mar 19, 2026

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated...
Critical | Unreviewed | CVE-2026-7374 was published on May 26, 2026

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in...
Critical | Unreviewed | CVE-2026-5121 was published on Mar 30, 2026

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary...
High | Unreviewed | CVE-2026-4802 was published on May 11, 2026

A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior...
High | Unreviewed | CVE-2026-9789 was published on May 28, 2026

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with...
High | Unreviewed | CVE-2026-32589 was published on Apr 8, 2026

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of...
High | Unreviewed | CVE-2026-48864 was published on May 26, 2026

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The...
High | Unreviewed | CVE-2026-32590 was published on Apr 8, 2026

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization...
Moderate | Unreviewed | CVE-2026-32591 was published on Apr 8, 2026

A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by...
Moderate | Unreviewed | CVE-2026-2377 was published on Apr 8, 2026

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This...
High | Unreviewed | CVE-2026-8915 was published on May 28, 2026

Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase,...
Critical | Unreviewed | CVE-2026-9739 was published on May 28, 2026

Tanium addressed an unauthorized code execution vulnerability in Connect.
High | Unreviewed | CVE-2026-9208 was published on May 28, 2026

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for...
Moderate | Unreviewed | CVE-2026-4888 was published on May 28, 2026

compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal
High | CVE-2026-45725 was published for compliance-trestle (pip) on May 27, 2026

FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations
High | CVE-2026-47717 was published for fuxa-server (npm) on May 27, 2026

Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
High | CVE-2026-47243 was published for github.com/kata-containers/kata-containers (Go) on May 27, 2026

Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
Critical | CVE-2026-46621 was published for org.yamcs:yamcs-core (Maven) on May 27, 2026

GPT-Pilot contains a command injection vulnerability in the Executor.run() method
Moderate | CVE-2026-31246 was published for gpt-pilot (pip) on May 11, 2026

mem0 server lacks authentication and authorization controls for its memory creation API endpoint
Moderate | CVE-2026-31245 was published for mem0ai (pip) on May 12, 2026

mem0 server lacks authentication and authorization controls for its memory deletion API endpoint
Moderate | CVE-2026-31241 was published for mem0ai (pip) on May 12, 2026

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical | CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) on May 27, 2026

Pimcore has a CustomReports Share Bypass
High | CVE-2026-45704 was published for pimcore/pimcore (Composer) on May 27, 2026

Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
Moderate | CVE-2026-45703 was published for pimcore/pimcore (Composer) on May 27, 2026

imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module
Critical | CVE-2026-31235 was published for imgaug (pip) on May 12, 2026

ProTip! Advisories are also available from the GraphQL API