GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
30,221 advisories

SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
Critical: CVE-2026-45375 was published for github.com/siyuan-note/siyuan/kernel (Go), May 13, 2026

Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Critical: CVE-2026-45083 was published for io.goobi.viewer:viewer-core (Maven), May 13, 2026

Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server
Critical: GHSA-vw82-7fv8-r6gp was published for github.com/obot-platform/obot (Go), May 13, 2026

Mapfish Print: Remote Code Injection (RCE) in Dynamic table
Critical: CVE-2026-44672 was published for org.mapfish.print:print-lib (Maven), May 13, 2026

SillyTavern has a Path Traversal issue
Critical: CVE-2026-44650 was published for sillytavern (npm), May 12, 2026

SillyTavern has Authentication Bypass via SSO Header Injection
Critical: CVE-2026-44649 was published for sillytavern (npm), May 12, 2026

esm.sh: Legacy Route Path Traversal Can Lead to RCE
Critical: CVE-2026-44593 was published for github.com/esm-dev/esm.sh (Go), May 12, 2026

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in...
Critical, Unreviewed: CVE-2026-45185 was published May 12, 2026

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space...
Critical, Unreviewed: CVE-2026-8430 was published May 12, 2026

An administrative user with access to configure webhooks can execute arbitrary commands by...
Critical, Unreviewed: CVE-2026-8431 was published May 12, 2026

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of...
Critical, Unreviewed: CVE-2026-34659 was published May 12, 2026

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect...
Critical, Unreviewed: CVE-2026-34660 was published May 12, 2026

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator...
Critical, Unreviewed: CVE-2026-44277 was published May 12, 2026

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges...
Critical, Unreviewed: CVE-2026-42823 was published May 12, 2026

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an...
Critical, Unreviewed: CVE-2026-42833 was published May 12, 2026

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises)...
Critical, Unreviewed: CVE-2026-42898 was published May 12, 2026

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira &...
Critical, Unreviewed: CVE-2026-41103 was published May 12, 2026

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code...
Critical, Unreviewed: CVE-2026-41089 was published May 12, 2026

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute...
Critical, Unreviewed: CVE-2026-41096 was published May 12, 2026

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Critical, Unreviewed: CVE-2026-40402 was published May 12, 2026

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an...
Critical, Unreviewed: CVE-2026-40379 was published May 12, 2026

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature...
Critical, Unreviewed: CVE-2026-33117 was published May 12, 2026

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions...
Critical, Unreviewed: CVE-2026-31236 was published May 12, 2026

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its...
Critical, Unreviewed: CVE-2026-31235 was published May 12, 2026

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its...
Critical, Unreviewed: CVE-2026-31237 was published May 12, 2026

ProTip! Advisories are also available from the GraphQL API.