GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 55
GitHub Actions: 50
Go: 3,732
Maven: 5,000+
npm: 5,000+
NuGet: 935
pip: 4,952
Pub: 13
RubyGems: 1,055
Rust: 1,343
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
4,205 advisories
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized...
Critical | Unreviewed | CVE-2026-33109 was published May 8, 2026
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker...
High | Unreviewed | CVE-2026-35435 was published May 8, 2026
An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and...
High | Unreviewed | CVE-2026-5786 was published May 7, 2026
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows...
High | Unreviewed | CVE-2026-5788 was published May 7, 2026
vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
Critical | CVE-2026-44007 was published for vm2 (npm) May 7, 2026
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could...
High | Unreviewed | CVE-2026-20167 was published May 6, 2026
Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover
High | CVE-2026-42222 was published for github.com/0xJacky/nginx-ui (Go) May 6, 2026
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The...
High | Unreviewed | CVE-2024-52911 was published May 5, 2026
IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any...
High | Unreviewed | CVE-2025-67796 was published May 4, 2026
phpVMS has an /importer authorization bypass causing full database wipe
Critical | CVE-2026-42569 was published for nabeel/phpvms (Composer) May 4, 2026
OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens
High | GHSA-r6xh-pqhr-v4xh was published for openclaw (npm) May 4, 2026
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService:...
Moderate | Unreviewed | CVE-2026-7733 was published May 4, 2026
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element...
Low | Unreviewed | CVE-2026-7732 was published May 4, 2026
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file...
Moderate | Unreviewed | CVE-2026-7711 was published May 4, 2026
A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance...
Low | Unreviewed | CVE-2026-7696 was published May 3, 2026
A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code...
Low | Unreviewed | CVE-2026-7673 was published May 3, 2026
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute...
High | Unreviewed | CVE-2026-37526 was published May 1, 2026
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the...
Low | Unreviewed | CVE-2026-7578 was published May 1, 2026
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i...
Moderate | Unreviewed | CVE-2026-2311 was published May 1, 2026
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the...
Low | Unreviewed | CVE-2026-7393 was published Apr 29, 2026
A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file ...
Moderate | Unreviewed | CVE-2025-9772 was published Apr 29, 2026
FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field
Moderate | CVE-2026-32699 was published for facturascripts/facturascripts (Composer) Apr 28, 2026
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically...
High | Unreviewed | CVE-2026-5780 was published Apr 28, 2026
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically...
Critical | Unreviewed | CVE-2026-5779 was published Apr 28, 2026
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the...
Moderate | Unreviewed | CVE-2026-7238 was published Apr 28, 2026
ProTip! Advisories are also available from the GraphQL API.