GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 64
GitHub Actions: 50
Go: 3,833
Maven: 5,000+
npm: 5,000+
NuGet: 944
pip: 5,000+
Pub: 13
RubyGems: 1,061
Rust: 1,358
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+

30,234 advisories

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21669 was published Mar 12, 2026

Improper enforcement of the Disable password saving in vaults setting in the connection entry...
Critical | Unreviewed | CVE-2026-2590 was published Mar 4, 2026

An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta...
Critical | Unreviewed | CVE-2025-70041 was published Mar 11, 2026

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to...
Critical | Unreviewed | CVE-2026-25199 was published May 8, 2026

PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
Critical | CVE-2026-39890 was published for praisonai (pip) Apr 8, 2026

@profullstack/mcp-server vulnerable to OS Command Injection in domain_lookup Module
Critical | GHSA-v6wj-c83f-v46x was published for @profullstack/mcp-server (npm) May 9, 2026

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the...
Critical | Unreviewed | CVE-2025-69691 was published May 8, 2026

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file...
Critical | Unreviewed | CVE-2025-69690 was published May 8, 2026

The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP...
Critical | Unreviewed | CVE-2026-30496 was published May 7, 2026

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content...
Critical | Unreviewed | CVE-2026-36458 was published May 7, 2026

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was...
Critical | Unreviewed | CVE-2026-8091 was published May 7, 2026

Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2.
Critical | Unreviewed | CVE-2026-8094 was published May 7, 2026

Snipe-IT has insecure permissions in file uploads
Critical | CVE-2026-37709 was published for snipe/snipe-it (Composer) May 8, 2026

free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
Critical | CVE-2026-44330 was published for github.com/free5gc/nef (Go) May 8, 2026

free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers
Critical | CVE-2026-44329 was published for github.com/free5gc/smf (Go) May 8, 2026

free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler
Critical | CVE-2026-44327 was published for github.com/free5gc/nef (Go) May 8, 2026

free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions
Critical | CVE-2026-44326 was published for github.com/free5gc/nef (Go) May 8, 2026

free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
Critical | CVE-2026-44315 was published for github.com/free5gc/nef (Go) May 8, 2026

Wish has SCP Path Traversal that allows arbitrary file read/write
Critical | CVE-2026-41589 was published for charm.land/wish/v2 (Go) Apr 18, 2026

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via...
Critical | Unreviewed | CVE-2026-37431 was published May 8, 2026

Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in...
Critical | Unreviewed | CVE-2023-46453 was published May 8, 2026

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores...
Critical | Unreviewed | CVE-2013-10075 was published May 8, 2026

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a...
Critical | Unreviewed | CVE-2026-38360 was published May 8, 2026

Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
Critical | CVE-2026-44211 was published for cline (npm) May 8, 2026

CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
Critical | CVE-2026-41203 was published for ci4-cms-erp/ci4ms (Composer) Apr 22, 2026

ProTip! Advisories are also available from the GraphQL API