GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,185 advisories

Django Uses Persistent Cookies Containing Sensitive Information Low
CVE-2026-35192 was published for Django (pip) May 5, 2026
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Low
CVE-2026-42040 was published for axios (npm) May 5, 2026
Credited to August829
sequoia-git has broken hard revocation handling Low
GHSA-g27r-r6ph-vf5r was published for sequoia-git (Rust) May 4, 2026
net-imap has quadratic complexity when reading response literals Low
CVE-2026-42245 was published for net-imap (RubyGems) May 4, 2026
Credited to Masamuneee
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) Low
CVE-2026-42183 was published for github.com/argoproj/argo-workflows/v4 (Go) May 4, 2026
Credited to Wernerina, Joibel, and isubasinghe
Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots Low
CVE-2026-40243 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
Credited to stamparm and stgraber
OpenClaw: Slack thread context could include messages from non-allowlisted senders Low
CVE-2026-41358 was published for openclaw (npm) May 4, 2026
Credited to AntAISecurityLab
@puchunjie/doc-tools-mcp has a Path Traversal Issue Low
CVE-2026-7738 was published for @puchunjie/doc-tools-mcp (npm) May 4, 2026
Dolibarr has Insufficient Verification of Data Authenticity Low
CVE-2026-7689 was published for dolibarr/dolibarr (Composer) May 3, 2026
Dolibarr has an Injection issue Low
CVE-2026-7688 was published for dolibarr/dolibarr (Composer) May 3, 2026
yii2-mcp-server has a Command Injection Issue Low
CVE-2026-7600 was published for yii2-mcp-server (npm) May 2, 2026
mem0ai mem0 has an Improper Input Validation Issue Low
CVE-2026-7597 was published for mem0ai (pip) May 2, 2026
ps_checkout allows unauthorized method invocation through unvalidated parameter Low
GHSA-mqq7-wxx5-mp8h was published for prestashop/ps_checkout (Composer) Apr 30, 2026
ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction Low
GHSA-28xx-pppm-vqff was published for github.com/ydb-platform/ydb-go-sdk/v3 (Go) Apr 30, 2026
Credited to kprokopenko and asmyasnikov
django-mdeditor is Missing Authentication for Critical Function Low
CVE-2025-13030 was published for django-mdeditor (pip) Apr 30, 2026
Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send Low
CVE-2026-41663 was published for admidio/admidio (Composer) Apr 29, 2026
Credited to adrgs and aisafe-bot
Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment Low
CVE-2026-41659 was published for admidio/admidio (Composer) Apr 29, 2026
Credited to offset
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. Low
CVE-2026-22741 was published for org.springframework:spring-webflux (Maven) Apr 29, 2026
Spring Framework DoS with Multipart Temp Files in WebFlux Low
CVE-2026-22740 was published for org.springframework:spring-webflux (Maven) Apr 29, 2026
Duplicate Advisory: Grav has Insecure Deserialization in File Cache Low
GHSA-j7rw-325j-2rmx was published for getgrav/grav (Composer) Apr 29, 2026 withdrawn
xxl-job has a Resource Injection issue Low
CVE-2026-7303 was published for com.xuxueli:xxl-job-admin (Maven) Apr 29, 2026
Spring gRPC AuthenticationException messages are reflected to remote client Low
CVE-2026-40969 was published for org.springframework.grpc:spring-grpc (Maven) Apr 28, 2026
auto-favicon has a Server-Side Request Forgery issue Low
CVE-2026-7150 was published for auto-favicon (pip) Apr 27, 2026
vLLM makes Use of Uninitialized Resource Low
CVE-2026-7141 was published for vllm (pip) Apr 27, 2026
Wooey has an Incorrect Privilege Assignment issue Low
CVE-2026-7142 was published for wooey (pip) Apr 27, 2026
ProTip! Advisories are also available from the GraphQL API