GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 64
GitHub Actions: 50
Go: 3,833
Maven: 5,000+
npm: 5,000+
NuGet: 944
pip: 5,000+
Pub: 13
RubyGems: 1,061
Rust: 1,358
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
30,234 advisories
CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE
Critical | CVE-2026-41202 was published for ci4-cms-erp/ci4ms (Composer) Apr 22, 2026

Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)
Critical | CVE-2026-40281 was published for github.com/gotenberg/gotenberg/v8 (Go) Apr 30, 2026

OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip)
Critical | CVE-2026-40076 was published for org.openmrs.web:openmrs-web (Maven) May 4, 2026

Electerm runWidget has a path traversal that leads to arbitrary code execution
Critical | CVE-2026-43940 was published for electerm (npm) May 8, 2026

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in...
Critical | Unreviewed | CVE-2026-43125 was published May 6, 2026

Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output
Critical | GHSA-pvmv-cwg8-v6c8 was published for zebra-script (Rust) May 8, 2026

Rucio has SQL Injection in FilterEngine PostgreSQL Query Builder via DID Search API
Critical | CVE-2026-29090 was published for rucio (pip) May 6, 2026

Apache Polaris has an Improper Input Validation issue
Critical | CVE-2026-42812 was published for org.apache.polaris:polaris-runtime-service (Maven) May 4, 2026

Apache Polaris has an Improper Input Validation issue
Critical | CVE-2026-42811 was published for org.apache.polaris:polaris-core (Maven) May 4, 2026

Apache Polaris has an Improper Input Validation Issue
Critical | CVE-2026-42810 was published for org.apache.polaris:polaris-core (Maven) May 4, 2026

Apache Polaris has an Improper Input Validation Issue
Critical | CVE-2026-42809 was published for org.apache.polaris:polaris-runtime-service (Maven) May 4, 2026

Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
Critical | CVE-2026-42027 was published for org.apache.opennlp:opennlp-tools (Maven) May 4, 2026

Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing
Critical | CVE-2026-40682 was published for org.apache.opennlp:opennlp-tools (Maven) May 4, 2026

PrestaShop has a stored XSS executable in customer service view
Critical | CVE-2026-44212 was published for prestashop/prestashop (Composer) May 8, 2026

ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function
Critical | CVE-2026-39087 was published for heckel.io/ntfy/v2 (Go) Apr 23, 2026

In the Linux kernel, the following vulnerability has been resolved: netfilter:...
Critical | Unreviewed | CVE-2026-43114 was published May 6, 2026

In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get...
Critical | Unreviewed | CVE-2026-43117 was published May 6, 2026

In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and...
Critical | Unreviewed | CVE-2026-43083 was published May 6, 2026

In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when...
Critical | Unreviewed | CVE-2026-43067 was published May 5, 2026

In the Linux kernel, the following vulnerability has been resolved: dcache: Limit the minimal...
Critical | Unreviewed | CVE-2026-43071 was published May 5, 2026

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for...
Critical | Unreviewed | CVE-2026-44125 was published May 8, 2026

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which...
Critical | Unreviewed | CVE-2026-44126 was published May 8, 2026

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code...
Critical | Unreviewed | CVE-2026-44128 was published May 8, 2026

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection...
Critical | Unreviewed | CVE-2022-50994 was published May 8, 2026

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the...
Critical | Unreviewed | CVE-2026-8076 was published May 8, 2026

ProTip! Advisories are also available from the GraphQL API