Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,377
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

10,344 advisories

Loading
A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this... Low Unreviewed
CVE-2026-4823 was published Mar 26, 2026
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application... Moderate Unreviewed
CVE-2025-14915 was published Mar 25, 2026
Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API Moderate
CVE-2026-33677 was published for code.vikunja.io/api (Go) Mar 25, 2026
offset Credited to offset
An authorization issue was addressed with improved state management. This issue is fixed in iOS... Moderate Unreviewed
CVE-2026-28877 was published Mar 25, 2026
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and... Moderate Unreviewed
CVE-2026-28878 was published Mar 25, 2026
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app... Moderate Unreviewed
CVE-2026-28820 was published Mar 25, 2026
Parse Server exposes auth data via /users/me endpoint High
CVE-2026-33627 was published for parse-server (npm) Mar 24, 2026
mtrezza Credited to mtrezza
Craft CMS' anonymous "assets/image-editor" calls return private asset editor metadata to unauthorized users Low
CVE-2026-33161 was published for craftcms/cms (Composer) Mar 24, 2026
Susen2 Credited to Susen2
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149... High Unreviewed
CVE-2026-4712 was published Mar 24, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6... Moderate Unreviewed
CVE-2026-4733 was published Mar 24, 2026
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote,... Critical Unreviewed
CVE-2025-60949 was published Mar 24, 2026
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground Moderate
CVE-2026-27131 was published for putyourlightson/craft-sprig (Composer) Mar 23, 2026
Neosprings Credited to Neosprings and bencroker bencroker bencroker
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets... Moderate Unreviewed
CVE-2025-13997 was published Mar 23, 2026
Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an... High Unreviewed
CVE-2026-23659 was published Mar 19, 2026
In Soft Serve, an authenticated repo import can clone server-local private repositories High
CVE-2026-33353 was published for github.com/charmbracelet/soft-serve (Go) Mar 19, 2026
evnsh Credited to evnsh
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the... Critical Unreviewed
CVE-2026-32865 was published Mar 19, 2026
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a... Moderate Unreviewed
CVE-2026-2571 was published Mar 19, 2026
HAPI FHIR HTTP authentication leak in redirects Critical
CVE-2026-33180 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 18, 2026
ElliotSilver Credited to ElliotSilver
Parse Server leaks protected fields via LiveQuery afterEvent trigger High
CVE-2026-33163 was published for parse-server (npm) Mar 18, 2026
mtrezza Credited to mtrezza
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive... Moderate Unreviewed
CVE-2026-1267 was published Mar 18, 2026
AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php Moderate
CVE-2026-33041 was published for wwbn/avideo (Composer) Mar 17, 2026
offensiveee Credited to offensiveee
SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service Critical
CVE-2026-32938 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 17, 2026
TCOTC Credited to TCOTC, YuxinZhaozyx, and 88250 YuxinZhaozyx YuxinZhaozyx
88250 88250
Broken Access Control in extension "Redirect Tab" (redirect_tab) Low
CVE-2026-4202 was published for ayacoo/redirect-tab (Composer) Mar 17, 2026
Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability Low
CVE-2026-32266 was published for craftcms/google-cloud (Composer) Mar 16, 2026
Amazon S3 for Craft CMS has an Information Disclosure vulnerability Moderate
CVE-2026-32265 was published for craftcms/aws-s3 (Composer) Mar 16, 2026
Neosprings Credited to Neosprings
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database