Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

126,194 advisories

Loading
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote... High Unreviewed
CVE-2026-9009 was published May 28, 2026
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in... High Unreviewed
CVE-2026-7802 was published May 28, 2026
A vulnerability allowing an authenticated user with the Backup Administrator role to write... High Unreviewed
CVE-2026-32997 was published May 28, 2026
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2026-2374 was published May 28, 2026
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator... High Unreviewed
CVE-2026-9795 was published May 28, 2026
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation. High Unreviewed
CVE-2026-32996 was published May 28, 2026
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary... High Unreviewed
CVE-2026-4802 was published May 11, 2026
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8... High Unreviewed
CVE-2026-32995 was published May 28, 2026
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR... High Unreviewed
CVE-2026-4424 was published Mar 19, 2026
A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior... High Unreviewed
CVE-2026-9789 was published May 28, 2026
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with... High Unreviewed
CVE-2026-32589 was published Apr 8, 2026
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of... High Unreviewed
CVE-2026-48864 was published May 26, 2026
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The... High Unreviewed
CVE-2026-32590 was published Apr 8, 2026
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This... High Unreviewed
CVE-2026-8915 was published May 28, 2026
Tanium addressed an unauthorized code execution vulnerability in Connect. High Unreviewed
CVE-2026-9208 was published May 28, 2026
compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal High
CVE-2026-45725 was published for compliance-trestle (pip) May 27, 2026
AnistoMejin Credited to AnistoMejin and yantongggg yantongggg yantongggg
FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations High
CVE-2026-47717 was published for fuxa-server (npm) May 27, 2026
AbdrrahimDahmani Credited to AbdrrahimDahmani
Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs High
CVE-2026-47243 was published for github.com/kata-containers/kata-containers (Go) May 27, 2026
JulesDT Credited to JulesDT, sprt, fidencio, and stevenhorsman sprt sprt
fidencio fidencio stevenhorsman stevenhorsman
Pimcore has a CustomReports Share Bypass High
CVE-2026-45704 was published for pimcore/pimcore (Composer) May 27, 2026
HuajiHD Credited to HuajiHD
Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint High
CVE-2026-45332 was published for automad/automad (Composer) May 27, 2026
lorenzocamilli Credited to lorenzocamilli
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote... High Unreviewed
CVE-2026-38427 was published May 27, 2026
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker... High Unreviewed
CVE-2026-38426 was published May 27, 2026
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file... High Unreviewed
CVE-2026-48922 was published May 27, 2026
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote... High Unreviewed
CVE-2026-37711 was published May 27, 2026
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate... High Unreviewed
CVE-2026-31266 was published May 27, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database