GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30,628 advisories

Portainer: JWT accepted in URL query leaks tokens to logs and referers High
CVE-2026-44883 was published for github.com/portainer/portainer (Go) May 14, 2026
Credited to scanpwn
Portainer has an endpoint security bypass via Swarm service create/update Critical
CVE-2026-44849 was published for github.com/portainer/portainer (Go) May 14, 2026
Credited to JohannesLks and route2shell
Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization High
CVE-2026-44882 was published for github.com/portainer/portainer (Go) May 14, 2026
Credited to kolega-ai-dev
Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update High
CVE-2026-44881 was published for github.com/portainer/portainer (Go) May 14, 2026
Credited to b-hermes
Portainer has a bind-mount restriction bypass via HostConfig.Mounts High
CVE-2026-44850 was published for github.com/portainer/portainer (Go) May 14, 2026
Credited to offensiveee, alexwaira, Proscan-one, jeroengui, AyushParkara, and marduc812
Portainer has a path traversal in backup archive extraction that allows arbitrary file write Moderate
CVE-2026-44885 was published for github.com/portainer/portainer (Go) May 14, 2026
Credited to kolega-ai-dev
Portainer missing authorization on Docker plugin endpoints, which allows host RCE Critical
CVE-2026-44848 was published for github.com/portainer/portainer (Go) May 14, 2026
Credited to ikkebr
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover High
CVE-2026-46480 was published for flowise (npm) May 14, 2026
Credited to offset
FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover High
CVE-2026-46479 was published for flowise (npm) May 14, 2026
Credited to offset
FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover High
CVE-2026-46478 was published for flowise (npm) May 14, 2026
Credited to offset
FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover High
CVE-2026-46477 was published for flowise (npm) May 14, 2026
Credited to offset
FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover High
CVE-2026-46475 was published for flowise (npm) May 14, 2026
Credited to offset
FlowiseAI: Vector Store No Permission Checks High
CVE-2026-46444 was published for flowise (npm) May 14, 2026
Credited to Dimpyj1604
Synapse pagination Denial of Service Moderate
CVE-2026-45076 was published for matrix-synapse (pip) May 14, 2026
Synapse CPU starvation (Denial of Service) High
CVE-2026-45078 was published for matrix-synapse (pip) May 14, 2026
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints High
CVE-2026-45732 was published for n8n (npm) May 14, 2026
Credited to nkoorty and jjjutla
n8n Has a Source Control Pull SQL Injection High
CVE-2026-44792 was published for n8n (npm) May 14, 2026
Credited to sm1ee
n8n Has an XML Node Prototype Pollution Patch Bypass Critical
CVE-2026-44791 was published for n8n (npm) May 14, 2026
Credited to simonkoeck
n8n Has an Arbitrary File Read via Git Node Critical
CVE-2026-44790 was published for n8n (npm) May 14, 2026
Credited to simonkoeck
n8n: HTTP Request Node Pagination Prototype Pollution to RCE Critical
CVE-2026-44789 was published for n8n (npm) May 14, 2026
Credited to sm1ee
pyzipper has an encryption bypass for small files encrypted using it Moderate
CVE-2026-44722 was published for pyzipper (pip) May 14, 2026
Credited to llavarello
Credited to KadirArslan
@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input Moderate
CVE-2026-42853 was published for @apostrophecms/cli (npm) May 14, 2026
Credited to VadlaReddySai and Chittu13