Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

12,052 advisories

Loading
Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses Critical
GHSA-wpqr-6v78-jr5g was published for @google/gemini-cli (GitHub Actions) Apr 24, 2026
DanusMinimus Credited to DanusMinimus and EladMeged-Novee EladMeged-Novee EladMeged-Novee
Improper Input Validation, Improper Control of Generation of Code ('Code Injection')... High Unreviewed
CVE-2026-41044 was published Apr 24, 2026
Improper Input Validation, Improper Control of Generation of Code ('Code Injection')... High Unreviewed
CVE-2026-40466 was published Apr 24, 2026
Apache Struts Remote Java Code Execution Critical
CVE-2012-0391 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ Credited to sunSUNQ
Flowise: Parameter Override Bypass Remote Command Execution High
CVE-2026-41268 was published for flowise (npm) Apr 16, 2026
retpoline Credited to retpoline
Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association High
CVE-2026-41267 was published for flowise (npm) Apr 16, 2026
berkdedekarginoglu Credited to berkdedekarginoglu
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Moderate
CVE-2025-22870 was published for golang.org/x/net (Go) Mar 12, 2025
k8sGPT has Prompt Injection through its k8sGPT-Operator High
GHSA-rp7v-4384-hfrp was published for github.com/k8sgpt-ai/k8sgpt (Go) Apr 24, 2026
haruki3hhh Credited to haruki3hhh
Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution High
CVE-2026-40068 was published for @anthropic-ai/claude-code (npm) Apr 24, 2026
Cockpit has NoSQL Injection Through Content Aggregation Pipelines Low
CVE-2026-6626 was published for cockpit-hq/cockpit (Composer) Apr 20, 2026
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved... High Unreviewed
CVE-2026-33797 was published Apr 10, 2026
Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5... Moderate Unreviewed
CVE-2026-31192 was published Apr 22, 2026
The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions... Moderate Unreviewed
CVE-2026-1782 was published Apr 22, 2026
Rand is unsound with a custom logger using rand::rng() Low
GHSA-cq8v-f236-94qc was published for rand (Rust) Apr 14, 2026
simonhollingshead Credited to simonhollingshead, ShoyuVanilla, and nbagnard ShoyuVanilla ShoyuVanilla
nbagnard nbagnard
nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
1seal Credited to 1seal and ii-cruz ii-cruz ii-cruz
Vulnerability in Spring Spring Security. When an application configures JWT decoding with... Moderate Unreviewed
CVE-2026-22748 was published Apr 22, 2026
A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret... Moderate Unreviewed
CVE-2026-35380 was published Apr 22, 2026
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command... Low Unreviewed
CVE-2026-35377 was published Apr 22, 2026
An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1... Moderate Unreviewed
CVE-2026-35369 was published Apr 22, 2026
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs... Moderate Unreviewed
CVE-2026-35347 was published Apr 22, 2026
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150. Moderate Unreviewed
CVE-2026-6779 was published Apr 21, 2026
Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150. Moderate Unreviewed
CVE-2026-6777 was published Apr 21, 2026
Neko has a Self-service Privilege Escalation for Authenticated Users High
CVE-2026-39386 was published for github.com/m1k1o/neko/server (Go) Apr 21, 2026
blitzkrieg-patch Credited to blitzkrieg-patch
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths Critical
CVE-2026-32604 was published for io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo (Maven) Apr 21, 2026
LeftenantZero Credited to LeftenantZero and jasonmcintosh jasonmcintosh jasonmcintosh
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset... High Unreviewed
CVE-2025-13826 was published Apr 21, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database