GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+

30,221 advisories

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to...
Critical | Unreviewed | CVE-2020-37239 was published May 16, 2026

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to...
Critical | Unreviewed | CVE-2021-47952 was published May 16, 2026

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that...
Critical | Unreviewed | CVE-2020-37228 was published May 16, 2026

Open WebUI has an LDAP Empty Password Authentication Bypass
Critical | CVE-2026-44551 was published for open-webui (pip) May 8, 2026

Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs
Critical | CVE-2026-42155 was published for openmage/magento-lts (Composer) May 5, 2026

OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange
Critical | CVE-2026-41258 was published for org.openmrs.api:openmrs-api (Maven) May 4, 2026

utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
Critical | CVE-2026-45369 was published for utcp-cli (pip) May 14, 2026

SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE
Critical | CVE-2026-44670 was published for github.com/siyuan-note/siyuan/kernel (Go) May 8, 2026

SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
Critical | CVE-2026-45375 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)
Critical | CVE-2026-44588 was published for github.com/siyuan-note/siyuan/kernel (Go) May 8, 2026

Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery
Critical | CVE-2026-44523 was published for github.com/enchant97/note-mark/backend (Go) May 7, 2026

Strapi may leak sensitive data via relational filtering due to lack of query sanitization
Critical | CVE-2026-27886 was published for @strapi/strapi (npm) May 14, 2026

Strapi Vulnerable to SQL Injection in Content Type Builder
Critical | CVE-2026-22599 was published for @strapi/content-type-builder (npm) May 13, 2026

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell...
Critical | Unreviewed | CVE-2026-31231 was published May 12, 2026

PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution...
Critical | Unreviewed | CVE-2026-31220 was published May 12, 2026

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha:...
Critical | Unreviewed | CVE-2026-46364 was published May 15, 2026

phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts...
Critical | Unreviewed | CVE-2026-45010 was published May 15, 2026

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload...
Critical | Unreviewed | CVE-2021-47965 was published May 15, 2026

Reserved. Details will be published at disclosure.
Critical | Unreviewed | CVE-2026-45393 was published May 12, 2026

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud...
Critical | Unreviewed | CVE-2026-2031 was published May 15, 2026

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code...
Critical | Unreviewed | CVE-2026-41553 was published May 15, 2026

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal...
Critical | Unreviewed | CVE-2026-41552 was published May 15, 2026

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML...
Critical | Unreviewed | CVE-2026-7182 was published May 15, 2026

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by...
Critical | Unreviewed | CVE-2026-43376 was published May 8, 2026

Reserved. Details will be published at disclosure.
Critical | Unreviewed | CVE-2026-45392 was published May 12, 2026