GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

129,431 advisories

Ghost has incomplete CSRF protections around OTC use High
CVE-2026-29784 was published for ghost (npm) Mar 5, 2026
zeptoclaw has Android device shell blocklist bypass via argument permutation High
GHSA-hhjv-jq77-cmvx was published for zeptoclaw (Rust) Mar 5, 2026
Credited to zpbrent
Parse Server's Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction High
CVE-2026-29182 was published for parse-server (npm) Mar 5, 2026
Credited to asukachloe, mtrezza, and devanshbatham
pyLoad has an Arbitrary File Write via Path Traversal in edit_package() High
CVE-2026-29778 was published for pyload-ng (pip) Mar 5, 2026
Credited to BaranTeyin1 and MetinGerdan
Duplicate Advisory: Cache poisoning via insecure-by-default cache key High
GHSA-2m8c-2374-465f was published for pingora-cache (Rust) Mar 5, 2026 withdrawn
Multer Vulnerable to Denial of Service via Uncontrolled Recursion High
CVE-2026-3520 was published for multer (npm) Mar 5, 2026
Credited to yuki-matsuhashi, ctcpip, and UlisesGascon
TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution High
CVE-2026-29186 was published for @backstage/plugin-techdocs-node (npm) Mar 5, 2026
Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows High
CVE-2025-15558 was published for github.com/docker/cli (Go) Mar 5, 2026
Credited to levpachmanov
SVGO DoS through entity expansion in DOCTYPE (Billion Laughs) High
CVE-2026-29074 was published for svgo (npm) Mar 4, 2026
Credited to ByamB4 and isaacs
ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover High
CVE-2026-29192 was published for github.com/zitadel/zitadel (Go) Mar 4, 2026
Credited to amit-laish and livio-a
ZITADEL: Login V2 UI Policy Bypass Allows Unauthorized Self-Registration and Authentication High
CVE-2026-29193 was published for github.com/zitadel/zitadel (Go) Mar 4, 2026
Credited to amit-laish and livio-a
Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint High
CVE-2026-29771 was published for github.com/gravitl/netmaker (Go) Mar 4, 2026
Credited to m4dn355
NLTK has a Path Traversal issue High
CVE-2026-0847 was published for nltk (pip) Mar 4, 2026
Fickling missing RCE-capable modules in UNSAFE_IMPORTS High
GHSA-5hwf-rc88-82xm was published for fickling (pip) Mar 4, 2026
Credited to yash2998chhabria
Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked High
GHSA-wccx-j62j-r448 was published for fickling (pip) Mar 4, 2026
Credited to mldangelo
changedetection.io has Zip Slip vulnerability in the backup restore functionality High
CVE-2026-29065 was published for changedetection.io (pip) Mar 4, 2026
Credited to pussycat0x and neo-ai-engineer