GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
158,245 advisories
phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that...
Moderate
Unreviewed
CVE-2026-45008 was published May 15, 2026
phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where...
Moderate
Unreviewed
CVE-2026-45007 was published May 15, 2026
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes...
Moderate
Unreviewed
CVE-2026-45009 was published May 15, 2026
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and...
Moderate
Unreviewed
CVE-2026-46363 was published May 15, 2026
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where...
Moderate
Unreviewed
CVE-2026-46361 was published May 15, 2026
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer:...
Moderate
Unreviewed
CVE-2026-46360 was published May 15, 2026
phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in...
Moderate
Unreviewed
CVE-2026-46362 was published May 15, 2026
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api...
Moderate
Unreviewed
CVE-2026-46365 was published May 15, 2026
AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf`
Moderate
CVE-2026-45619 was published for WWBN/AVideo (Composer) May 15, 2026
AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA
Moderate
CVE-2026-45610 was published for WWBN/AVideo (Composer) May 15, 2026
AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute
Moderate
CVE-2026-45580 was published for WWBN/AVideo (Composer) May 15, 2026
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site...
Moderate
Unreviewed
CVE-2026-23695 was published May 15, 2026
Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
Moderate
CVE-2026-46383 was published for apm-cli (pip) May 15, 2026
arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS
Moderate
GHSA-rc6v-5rmx-w5mv was published for github.com/arnika-project/arnika (Go) May 15, 2026
rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution
Moderate
GHSA-vfvv-c25p-m7mm was published for rkyv (Rust) May 15, 2026
Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE
Moderate
GHSA-wxw3-q3m9-c3jr was published for better-auth (npm) May 15, 2026
Weblate: Stored HTML injection in editor search preview
Moderate
CVE-2026-45106 was published for weblate (pip) May 15, 2026
SimpleSAMLphp casserver: Open Redirect in logout
Moderate
CVE-2025-65954 was published for simplesamlphp/simplesamlphp-module-casserver (Composer) May 15, 2026
Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently...
Moderate
Unreviewed
CVE-2025-14972 was published May 15, 2026
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2025-67437 was published May 15, 2026
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method...
Moderate
Unreviewed
CVE-2026-39052 was published May 15, 2026
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing...
Moderate
Unreviewed
CVE-2026-39053 was published May 15, 2026
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi...
Moderate
Unreviewed
CVE-2026-8669 was published May 15, 2026
Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on...
Moderate
Unreviewed
CVE-2026-8454 was published May 15, 2026
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. ...
Moderate
Unreviewed
CVE-2026-8503 was published May 15, 2026
ProTip! Advisories are also available from the GraphQL API.