GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,828
Maven: 5,000+
npm: 5,000+
NuGet: 942
pip: 5,000+
Pub: 13
RubyGems: 1,060
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,233 advisories
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
Critical. CVE-2026-44477 was published for github.com/cloudnative-pg/cloudnative-pg (Go) on May 11, 2026.

Apache Wicket has a Session Fixation issue
Critical. CVE-2026-40010 was published for org.apache.wicket:wicket-auth-roles (Maven) on May 6, 2026.

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection
Critical. CVE-2026-44336 was published for PraisonAI (pip) on May 11, 2026.

electerm: electerm_install_script_CommandInjection Vulnerability Report
Critical. CVE-2026-41500 was published for electerm (npm) on Apr 16, 2026.

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
Critical. CVE-2026-42880 was published for github.com/argoproj/argo-cd/v3 (Go) on May 7, 2026.

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0,...
Critical. Unreviewed. CVE-2026-40636 was published on May 11, 2026.

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in...
Critical. Unreviewed. CVE-2026-43379 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi...
Critical. Unreviewed. CVE-2026-43465 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely...
Critical. Unreviewed. CVE-2026-43414 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential...
Critical. Unreviewed. CVE-2026-43406 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent...
Critical. Unreviewed. CVE-2026-43341 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC...
Critical. Unreviewed. CVE-2026-43383 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out...
Critical. Unreviewed. CVE-2026-43407 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC...
Critical. Unreviewed. CVE-2026-43384 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread...
Critical. Unreviewed. CVE-2026-43402 was published on May 8, 2026.

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce...
Critical. Unreviewed. CVE-2026-43304 was published on May 8, 2026.

Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed...
Critical. Unreviewed. CVE-2026-5735 was published on Apr 7, 2026.

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload...
Critical. Unreviewed. CVE-2021-47940 was published on May 10, 2026.

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user...
Critical. Unreviewed. CVE-2021-47923 was published on May 10, 2026.

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows...
Critical. Unreviewed. CVE-2021-47933 was published on May 10, 2026.

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability...
Critical. Unreviewed. CVE-2021-47932 was published on May 10, 2026.

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated...
Critical. Unreviewed. CVE-2021-47936 was published on May 10, 2026.

A vulnerability allowing an authenticated user with the Backup Administrator role to perform...
Critical. Unreviewed. CVE-2026-21671 was published on Mar 12, 2026.

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical. Unreviewed. CVE-2026-21669 was published on Mar 12, 2026.

Improper enforcement of the Disable password saving in vaults setting in the connection entry...
Critical. Unreviewed. CVE-2026-2590 was published on Mar 4, 2026.

ProTip! Advisories are also available from the GraphQL API