Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

158,245 advisories

Loading
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450:... Moderate Unreviewed
CVE-2026-43335 was published May 8, 2026
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where... Moderate Unreviewed
CVE-2026-46361 was published May 15, 2026
phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in... Moderate Unreviewed
CVE-2026-46362 was published May 15, 2026
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api... Moderate Unreviewed
CVE-2026-46365 was published May 15, 2026
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the... Moderate Unreviewed
CVE-2026-4054 was published May 15, 2026
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to... Moderate Unreviewed
CVE-2021-47963 was published May 15, 2026
phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that... Moderate Unreviewed
CVE-2026-45008 was published May 15, 2026
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes... Moderate Unreviewed
CVE-2026-45009 was published May 15, 2026
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and... Moderate Unreviewed
CVE-2026-46363 was published May 15, 2026
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer:... Moderate Unreviewed
CVE-2026-46360 was published May 15, 2026
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account... Moderate Unreviewed
CVE-2021-47962 was published May 15, 2026
Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows... Moderate Unreviewed
CVE-2021-47968 was published May 15, 2026
PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow... Moderate Unreviewed
CVE-2021-47967 was published May 15, 2026
CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated... Moderate Unreviewed
CVE-2021-47958 was published May 15, 2026
phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where... Moderate Unreviewed
CVE-2026-45007 was published May 15, 2026
In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s:... Moderate Unreviewed
CVE-2026-43354 was published May 8, 2026
In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for... Moderate Unreviewed
CVE-2026-43316 was published May 8, 2026
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit... Moderate Unreviewed
CVE-2026-43349 was published May 8, 2026
A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis... Moderate Unreviewed
CVE-2026-4948 was published Mar 27, 2026
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on... Moderate Unreviewed
CVE-2026-43308 was published May 8, 2026
In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough... Moderate Unreviewed
CVE-2026-43338 was published May 8, 2026
AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf` Moderate
CVE-2026-45619 was published for WWBN/AVideo (Composer) May 15, 2026
SnailSploit Credited to SnailSploit
AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA Moderate
CVE-2026-45610 was published for WWBN/AVideo (Composer) May 15, 2026
offset Credited to offset
AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute Moderate
CVE-2026-45580 was published for WWBN/AVideo (Composer) May 15, 2026
offset Credited to offset
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method... Moderate Unreviewed
CVE-2026-39052 was published May 15, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database