Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,732
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,952
Pub
13
RubyGems
1,055
Rust
1,343
Swift
54
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Flight vulnerable to sensitive information disclosure via default error handler High
CVE-2026-42552 was published for flightphp/core (Composer) May 6, 2026
Rootingg Credited to Rootingg
Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass High
CVE-2026-42551 was published for flightphp/core (Composer) May 6, 2026
Rootingg Credited to Rootingg
Flight vulnerable to SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete High
CVE-2026-42550 was published for flightphp/core (Composer) May 6, 2026
Rootingg Credited to Rootingg
Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root Moderate
CVE-2026-42549 was published for flightphp/core (Composer) May 6, 2026
Rootingg Credited to Rootingg
Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp() High
CVE-2026-42548 was published for flightphp/core (Composer) May 6, 2026
Rootingg Credited to Rootingg
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database