GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
30,224 advisories
Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail...
Critical, Unreviewed. CVE-2026-32661 was published on May 13, 2026

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2...
Critical, Unreviewed. CVE-2025-11159 was published on May 13, 2026

ELECOM wireless LAN access point devices do not require authentication to access some specific...
Critical, Unreviewed. CVE-2026-40621 was published on May 13, 2026

ELECOM wireless LAN access point devices contain an OS command injection in processing of...
Critical, Unreviewed. CVE-2026-42062 was published on May 13, 2026

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in...
Critical, Unreviewed. CVE-2026-45185 was published on May 12, 2026

The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset...
Critical, Unreviewed. CVE-2026-31242 was published on May 12, 2026

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization...
Critical, Unreviewed. CVE-2026-31229 was published on May 12, 2026

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection...
Critical, Unreviewed. CVE-2026-31230 was published on May 12, 2026

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a...
Critical, Unreviewed. CVE-2025-65719 was published on May 12, 2026

The torch-checkpoint-shrink.py script in the ml-engineering project in commit...
Critical, Unreviewed. CVE-2026-31214 was published on May 12, 2026

Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
Critical. CVE-2026-41901 was published for org.thymeleaf:thymeleaf (Maven) on May 4, 2026

Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules
Critical. CVE-2026-44262 was published for dedoc/scramble (Composer) on May 6, 2026

wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
Critical. CVE-2026-43948 was published for wger (pip) on May 6, 2026

django-s3file is vulnerable to relative path traversal
Critical. CVE-2026-42196 was published for django-s3file (pip) on May 5, 2026

ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases
Critical. CVE-2026-44221 was published for com.arcadedb:arcadedb-server (Maven) on May 5, 2026

DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header
Critical. CVE-2026-42300 was published for github.com/l3montree-dev/devguard (Go) on May 5, 2026

Langflow Knowledge Bases API is Vulnerable to Path Traversal
Critical. CVE-2026-42048 was published for langflow (pip) on May 5, 2026

Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Critical. CVE-2026-45321 was published for @tanstack/arktype-adapter (npm) on May 12, 2026

sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
Critical. CVE-2026-45091 was published for io.github.davidalmeidac:sealed-env-core (Maven) on May 12, 2026

Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions
Critical. CVE-2026-27446 was published for org.apache.activemq:artemis-server (Maven) on Mar 4, 2026

RoadRunner is at risk of HTTP Request/Response Smuggling through vulnerable dependency
Critical. CVE-2025-22871 was published for spiral/roadrunner (Composer) on Apr 8, 2025

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
Critical. CVE-2026-39324 was published for rack-session (RubyGems) on Apr 8, 2026

Decidim has a cross-site scripting (XSS) in user name
Critical. CVE-2026-23891 was published for decidim-core (RubyGems) on Apr 13, 2026

Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Critical. CVE-2026-45083 was published for io.goobi.viewer:viewer-core (Maven) on May 13, 2026

Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server
Critical. GHSA-vw82-7fv8-r6gp was published for github.com/obot-platform/obot (Go) on May 13, 2026

ProTip! Advisories are also available from the GraphQL API