GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
158,245 advisories
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
Moderate
CVE-2026-44662 was published for openssl (Rust) May 7, 2026
utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
Moderate
CVE-2026-44661 was published for utcp-http (pip) May 7, 2026
Fleet: IP spoofing allows bypassing API rate limiting
Moderate
CVE-2026-46356 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
Fleet vulnerable to OS command injection in software packages
Moderate
CVE-2026-26191 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode
Moderate
CVE-2026-45148 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk
Moderate
CVE-2026-45147 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
Fleet has a rate limiting bypass via untrusted client IP headers
Moderate
CVE-2026-24000 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
Strapi Upload Plugin MIME Validation Bypass via Content API
Moderate
CVE-2026-22707 was published for @strapi/upload (npm) May 14, 2026
Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
Moderate
CVE-2025-64526 was published for @strapi/plugin-users-permissions (npm) May 13, 2026
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure...
Moderate, Unreviewed
CVE-2025-67437 was published May 15, 2026
Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring...
Moderate, Unreviewed
CVE-2026-20881 was published May 12, 2026
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing...
Moderate, Unreviewed
CVE-2026-39053 was published May 15, 2026
In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock...
Moderate, Unreviewed
CVE-2026-43340 was published May 8, 2026
Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6...
Moderate, Unreviewed
CVE-2026-20905 was published May 12, 2026
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0...
Moderate, Unreviewed
CVE-2026-20914 was published May 12, 2026
In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when...
Moderate, Unreviewed
CVE-2026-43346 was published May 8, 2026
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13...
Moderate, Unreviewed
CVE-2026-20717 was published May 12, 2026
Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within...
Moderate, Unreviewed
CVE-2026-20782 was published May 12, 2026
Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13...
Moderate, Unreviewed
CVE-2026-20793 was published May 12, 2026
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13...
Moderate, Unreviewed
CVE-2026-20771 was published May 12, 2026
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL...
Moderate, Unreviewed
CVE-2026-43337 was published May 8, 2026
In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift...
Moderate, Unreviewed
CVE-2026-43348 was published May 8, 2026
In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to...
Moderate, Unreviewed
CVE-2026-43333 was published May 8, 2026
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init...
Moderate, Unreviewed
CVE-2026-43351 was published May 8, 2026
In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct...
Moderate, Unreviewed
CVE-2026-43306 was published May 8, 2026
ProTip! Advisories are also available from the GraphQL API.