Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor High
CVE-2026-43943 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
Electerm's full process.env exposed to renderer via window.pre.env Moderate
CVE-2026-43942 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click High
CVE-2026-43941 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
Electerm runWidget has a path traversal that leads to arbitrary code execution Critical
CVE-2026-43940 was published for electerm (npm) May 8, 2026
osageling Credited to osageling
Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery Critical
CVE-2026-44523 was published for github.com/enchant97/note-mark/backend (Go) May 7, 2026
osageling Credited to osageling and enchant97 enchant97 enchant97
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database