GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,227
Maven: 5,000+
npm: 5,000+
NuGet: 864
pip: 4,502
Pub: 12
RubyGems: 995
Rust: 1,187
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+

11,885 advisories

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field...
Low, Unreviewed. CVE-2026-4407 was published Mar 19, 2026

A cross-origin issue in the Navigation API was addressed with improved input validation. This...
Moderate, Unreviewed. CVE-2026-20643 was published Mar 18, 2026

HCL Sametime is vulnerable to broken server-side validation. While the application performs...
Low, Unreviewed. CVE-2025-31966 was published Mar 17, 2026

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was...
Moderate, Unreviewed. CVE-2026-3644 was published Mar 16, 2026

in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.
Moderate, Unreviewed. CVE-2025-6969 was published Mar 16, 2026

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input....
Low, Unreviewed. CVE-2025-26474 was published Mar 16, 2026

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation...
Moderate, Unreviewed. CVE-2025-10461 was published Mar 16, 2026

The web interface on multiple Omada switches does not adequately validate certain external inputs...
High, Unreviewed. CVE-2026-1668 was published Mar 13, 2026

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to...
Moderate, Unreviewed. CVE-2026-22204 was published Mar 13, 2026

Apache Livy: Restrict file access
Moderate. CVE-2025-60012 was published for org.apache.livy:livy-server (Maven) Mar 13, 2026

Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
Moderate. CVE-2026-30961 was published for github.com/forceu/gokapi (Go) Mar 13, 2026

SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
Moderate. CVE-2026-30915 was published for github.com/drakkan/sftpgo/v2 (Go) Mar 13, 2026

SM9 Infinity-Point Ciphertext Forgery Vulnerability
Critical. CVE-2026-32614 was published for github.com/emmansun/gmsm (Go) Mar 13, 2026

ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Moderate. CVE-2023-1289 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even...
Low, Unreviewed. CVE-2025-13462 was published Mar 12, 2026

@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass
Moderate. CVE-2026-32235 was published for @backstage/plugin-auth-backend (npm) Mar 12, 2026

A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the...
Moderate, Unreviewed. CVE-2026-3967 was published Mar 12, 2026

Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an...
High, Unreviewed. CVE-2026-30901 was published Mar 11, 2026

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
Moderate, Unreviewed. CVE-2026-21310 was published Mar 11, 2026

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
Moderate, Unreviewed. CVE-2026-21282 was published Mar 11, 2026

Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval
Moderate. CVE-2026-31959 was published for github.com/anchore/quill (Go) Mar 11, 2026

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms...
High, Unreviewed. CVE-2025-20064 was published Mar 11, 2026

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference...
High, Unreviewed. CVE-2025-20068 was published Mar 11, 2026

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an...
Moderate, Unreviewed. CVE-2025-20096 was published Mar 11, 2026

Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms...
High, Unreviewed. CVE-2025-20105 was published Mar 11, 2026

ProTip! Advisories are also available from the GraphQL API