GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,820 advisories

Absinthe: Unbounded atom creation from parsed directive name High
CVE-2026-42793 was published for absinthe (Erlang) May 14, 2026
Credited to PJUllrich and cschiewek
SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs High
CVE-2026-45371 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
Credited to fg0x0
Anchor: `InterfaceAccount` allows account substitution between unexpected types High
GHSA-429q-fhh4-r6hj was published for anchor-lang (Rust) May 13, 2026
Credited to acheroncrypto
uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution High
CVE-2026-45152 was published for gitlab.com/uniget-org/cli (Go) May 13, 2026
Credited to 0x5t4l1n
Anchor: Program<'info, System> is not properly validated High
CVE-2026-45137 was published for anchor-lang (Rust) May 13, 2026
Credited to Matthias1590
Credited to schuay
Nautobot: GitRepository.current_head field should not be writable through REST API High
CVE-2026-44798 was published for nautobot (pip) May 13, 2026
Credited to holmie
Nautobot: Webhook definitions could be used for server-side request forgery (SSRF) High
CVE-2026-44797 was published for nautobot (pip) May 13, 2026
Credited to whatisproblem
Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() High
CVE-2026-44738 was published for getgrav/grav (Composer) May 13, 2026
Credited to Revanth011
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning High
CVE-2026-45134 was published for langchain (npm) May 13, 2026
Credited to Moaaz-0x and berardinellidaniele
Credited to thesmartshadow
Klever-Go MultiDataInterceptor has remote OOM via crafted compressed P2P payload High
CVE-2026-44697 was published for github.com/klever-io/klever-go (Go) May 13, 2026
Credited to fbsobreira
UltraJSON has a Memory Leak in ujson.dump() on Write Failure High
CVE-2026-44660 was published for ujson (pip) May 12, 2026
Credited to Zwique, bwoodsend, hugovk, and BeBecpp
Credited to zzzm0919
esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files High
CVE-2026-44594 was published for github.com/esm-dev/esm.sh (Go) May 12, 2026
Credited to donttrytofindme
Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode) High
CVE-2026-45090 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026
Credited to bugbunny-research
Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option High
CVE-2026-45089 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026
Credited to drmingler
Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` High
CVE-2026-45088 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026
protobuf.js: Code injection in pbjs static output from crafted schema names High
CVE-2026-44295 was published for protobufjs-cli (npm) May 12, 2026
Credited to VladimirEliTokarev and dcodeIO
protobuf.js: Code injection through bytes field defaults in generated toObject code High
CVE-2026-44293 was published for protobufjs (npm) May 12, 2026
Credited to mbaraniak-exodus and dcodeIO
protobuf.js: Code generation gadget after prototype pollution High
CVE-2026-44291 was published for protobufjs (npm) May 12, 2026
Credited to VladimirEliTokarev and dcodeIO
protobuf.js: Process-wide denial of service through unsafe option paths High
CVE-2026-44290 was published for protobufjs (npm) May 12, 2026
Credited to AKiileX, VladimirEliTokarev, and dcodeIO
protobuf.js: Denial of service through unbounded protobuf recursion High
CVE-2026-44289 was published for protobufjs (npm) May 12, 2026
Credited to peaktwilight, VladimirEliTokarev, AKiileX, tndud042713, dcodeIO, and alexander-fenster
protobuf.js is Vulnerable to OS Command Injection in the CLI High
CVE-2026-42290 was published for protobufjs-cli (npm) May 12, 2026
Credited to 0x5t4l1n and dcodeIO
MantisBT Vulnerable to Stored XSS in File Download High
CVE-2026-44657 was published for mantisbt/mantisbt (Composer) May 11, 2026
Credited to siunam321 and dregad