GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,221 advisories
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized...
Critical | Unreviewed | CVE-2026-42826 was published May 8, 2026
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data...
Critical | Unreviewed | CVE-2026-7891 was published May 8, 2026
Improper neutralization of special elements used in a command ('command injection') in Azure...
Critical | Unreviewed | CVE-2026-35428 was published May 8, 2026
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized...
Critical | Unreviewed | CVE-2026-33109 was published May 8, 2026
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information...
Critical | Unreviewed | CVE-2026-33823 was published May 8, 2026
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized...
Critical | Unreviewed | CVE-2026-33844 was published May 8, 2026
Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery
Critical | CVE-2026-44523 was published for github.com/enchant97/note-mark/backend (Go) May 7, 2026
Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs
Critical | GHSA-cwfq-rfcr-8hmp was published for zebrad (Rust) May 7, 2026
Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
Critical | CVE-2026-44497 was published for zebra-script (Rust) May 7, 2026
Zebra's Block Validator Undercounts Coinbase and P2SH Sigops
Critical | CVE-2026-44498 was published for zebrad (Rust) May 7, 2026
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware...
Critical | Unreviewed | CVE-2026-7414 was published May 7, 2026
query-parser-string is vulnerable to Prototype Pollution
Critical | CVE-2025-63704 was published for query-string-parser (npm) May 7, 2026
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections...
Critical | Unreviewed | CVE-2026-7415 was published May 7, 2026
parse-ini is vulnerable to Prototype Pollution in index.js()
Critical | CVE-2025-63703 was published for parse-ini (npm) May 7, 2026
Compromised version of intercom-client published to npm
Critical | GHSA-54pg-9963-v8vg was published for intercom-client (npm) May 7, 2026
Compromised tag of intercom-php published via GitHub
Critical | GHSA-gr3r-crp5-qrrm was published for intercom/intercom-php (Composer) May 7, 2026
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content...
Critical | Unreviewed | CVE-2026-36458 was published May 7, 2026
URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information...
Critical | Unreviewed | CVE-2026-6795 was published May 7, 2026
next-npm-version is vulnerable to Command injection
Critical | CVE-2025-63706 was published for @jswork/next-npm-version (npm) May 7, 2026
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was...
Critical | Unreviewed | CVE-2026-8091 was published May 7, 2026
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2.
Critical | Unreviewed | CVE-2026-8094 was published May 7, 2026
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP...
Critical | Unreviewed | CVE-2026-30496 was published May 7, 2026
Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc....
Critical | Unreviewed | CVE-2026-5791 was published May 7, 2026
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute...
Critical | Unreviewed | CVE-2026-33587 was published May 7, 2026
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute...
Critical | Unreviewed | CVE-2026-6508 was published May 7, 2026
ProTip! Advisories are also available from the GraphQL API.