GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
10,538 advisories
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized...
Critical | Unreviewed | CVE-2026-42826 was published | May 8, 2026

Ech0 comment model's Email field returned on public /api/comments endpoints
Moderate | GHSA-rj4g-rqgh-rx9h was published for github.com/lin-snow/Ech0 (Go) | May 7, 2026

FacturaScripts Vulnerable to Unauthenticated phpinfo() Disclosure via Installer Endpoint
Moderate | CVE-2026-42878 was published for facturascripts/facturascripts (Composer) | May 7, 2026

FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download
Moderate | CVE-2026-27892 was published for facturascripts/facturascripts (Composer) | May 7, 2026

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
Critical | CVE-2026-42880 was published for github.com/argoproj/argo-cd/v3 (Go) | May 7, 2026

Vercel: Non-interactive mode includes CLI arguments in suggested command output
Moderate | CVE-2026-44479 was published for vercel (npm) | May 7, 2026

Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Critical | GHSA-9h64-2846-7x7f was published for github.com/getaxonflow/axonflow (Go) | May 6, 2026

rpassword affected by partial password reveal when input is interrupted
Low | GHSA-2p6r-x3vv-xqm2 was published for rpassword (Rust) | May 6, 2026

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects...
Moderate | Unreviewed | CVE-2026-8033 was published | May 6, 2026

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote...
Moderate | Unreviewed | CVE-2026-7999 was published | May 6, 2026

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6...
High | Unreviewed | CVE-2026-34474 was published | May 6, 2026

DevSpace UI Server WebSocket CheckOrigin does not validate source
High | CVE-2026-42283 was published for github.com/loft-sh/devspace (Go) | May 6, 2026

Nginx-UI Settings API Exposes Protected Secrets
Moderate | CVE-2026-42223 was published for github.com/0xJacky/nginx-ui (Go) | May 6, 2026

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify...
Low | Unreviewed | CVE-2026-8028 was published | May 6, 2026

HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified....
Moderate | Unreviewed | CVE-2025-52613 was published | May 6, 2026

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or...
Low | Unreviewed | CVE-2025-31984 was published | May 6, 2026

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue...
Low | Unreviewed | CVE-2025-31975 was published | May 6, 2026

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but...
Low | Unreviewed | CVE-2025-31982 was published | May 6, 2026

HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a...
Moderate | Unreviewed | CVE-2025-31976 was published | May 6, 2026

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function...
Moderate | Unreviewed | CVE-2026-8026 was published | May 6, 2026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This...
High | Unreviewed | CVE-2026-43646 was published | May 6, 2026

AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization
High | CVE-2026-43885 was published for wwbn/avideo (Composer) | May 5, 2026

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback
Moderate | CVE-2026-42220 was published for github.com/0xJacky/Nginx-UI (Go) | May 5, 2026

Prometheus Azure AD remote write OAuth client secret exposed via config API
High | CVE-2026-42151 was published for github.com/prometheus/prometheus (Go) | May 5, 2026

gix's submodule name validation bypass + trust inheritance flaw enables path traversal and credential disclosure
High | GHSA-p3hw-mv63-rf9w was published for gix (Rust) | May 5, 2026
ProTip! Advisories are also available from the GraphQL API