Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,732
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,952
Pub
13
RubyGems
1,055
Rust
1,343
Swift
54
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook Critical
CVE-2026-42596 was published for github.com/gotenberg/gotenberg/v8 (Go) May 7, 2026
R1ZZG0D Credited to R1ZZG0D
goshs has an empty-username SFTP password authentication bypass Critical
CVE-2026-40884 was published for github.com/patrickhener/goshs (Go) Apr 14, 2026
R1ZZG0D Credited to R1ZZG0D
goshs has a file-based ACL authorization bypass in goshs state-changing routes Critical
CVE-2026-40189 was published for github.com/patrickhener/goshs (Go) Apr 10, 2026
R1ZZG0D Credited to R1ZZG0D
PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions Critical
CVE-2026-40289 was published for PraisonAI (pip) Apr 10, 2026
R1ZZG0D Credited to R1ZZG0D
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database