GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
10,984 advisories
compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal
High | CVE-2026-45725 was published for compliance-trestle (pip) | May 27, 2026

FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations
High | CVE-2026-47717 was published for fuxa-server (npm) | May 27, 2026

Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
High | CVE-2026-47243 was published for github.com/kata-containers/kata-containers (Go) | May 27, 2026

Pimcore has a CustomReports Share Bypass
High | CVE-2026-45704 was published for pimcore/pimcore (Composer) | May 27, 2026

Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
High | CVE-2026-45332 was published for automad/automad (Composer) | May 27, 2026

Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
High | CVE-2026-45077 was published for symfony/monolog-bridge (Composer) | May 27, 2026

Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
High | CVE-2026-45067 was published for symfony/mime (Composer) | May 27, 2026

CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
High | CVE-2026-44982 was published for github.com/crowdsecurity/crowdsec (Go) | May 27, 2026

Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
High | CVE-2026-44726 was published for deno (Rust) | May 27, 2026

LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
High | CVE-2026-45617 was published for liquidjs (npm) | May 27, 2026

Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend
High | CVE-2026-45368 was published for getkirby/cms (Composer) | May 27, 2026

LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
High | CVE-2026-45357 was published for liquidjs (npm) | May 27, 2026

Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
High | CVE-2026-45260 was published for pimcore/pimcore (Composer) | May 27, 2026

Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
High | CVE-2026-45162 was published for pimcore/pimcore (Composer) | May 27, 2026

Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
High | CVE-2026-45063 was published for symfony/security-http (Composer) | May 27, 2026

SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
High | CVE-2026-46372 was published for sillytavern (npm) | May 19, 2026

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
High | CVE-2026-44974 was published for @hapi/content (npm) | May 27, 2026

Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
High | CVE-2026-44741 was published for pimcore/admin-ui-classic-bundle (Composer) | May 27, 2026

Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
High | CVE-2026-44739 was published for pimcore/pimcore (Composer) | May 27, 2026

tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape
High | CVE-2026-44705 was published for tmp (npm) | May 27, 2026

Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup
High | CVE-2026-44177 was published for getkirby/cms (Composer) | May 26, 2026

Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend
High | CVE-2026-44175 was published for getkirby/cms (Composer) | May 26, 2026

Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints
High | CVE-2026-44174 was published for getkirby/cms (Composer) | May 26, 2026

FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass
High | CVE-2026-43947 was published for fuxa-server (npm) | May 26, 2026

FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue
High | CVE-2026-43946 was published for fuxa-server (npm) | May 26, 2026

ProTip! Advisories are also available from the GraphQL API.