GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
416 advisories
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue...
High · Unreviewed · CVE-2025-14771 was published Jun 3, 2026

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can...
Moderate · Unreviewed · CVE-2026-40425 was published May 29, 2026

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a...
High · Unreviewed · CVE-2024-56462 was published May 27, 2026

Files or directories accessible to external parties vulnerability in redis-server component in...
Moderate · Unreviewed · CVE-2024-11399 was published May 27, 2026

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF)...
Moderate · Unreviewed · CVE-2026-40564 was published May 26, 2026

Algernon: handler.lua discovery walks parent directories above the server root
Critical · CVE-2026-45721 was published for github.com/xyproto/algernon (Go) May 19, 2026

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
Unknown · Unreviewed · CVE-2026-8704 was published May 16, 2026

Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/
Moderate · GHSA-g39v-cvjh-8fpf was published for ha-mcp (pip) May 14, 2026

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from...
Moderate · Unreviewed · CVE-2026-33380 was published May 13, 2026

A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource...
Moderate · Unreviewed · CVE-2026-42063 was published May 13, 2026

An authenticated attacker with the Resource Administrator or Administrator role can modify...
High · Unreviewed · CVE-2026-40631 was published May 13, 2026

Files or directories accessible to external parties in Microsoft Office Word allows an...
Moderate · Unreviewed · CVE-2026-35440 was published May 12, 2026

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized...
Moderate · Unreviewed · CVE-2026-32185 was published May 12, 2026

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion...
Critical · Unreviewed · CVE-2026-31216 was published May 12, 2026

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion...
Critical · Unreviewed · CVE-2026-31215 was published May 12, 2026

Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
High · CVE-2026-45088 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15...
High · Unreviewed · CVE-2026-39871 was published May 11, 2026

pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities
High · CVE-2026-7817 was published for pgadmin4 (pip) May 11, 2026

@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Moderate · GHSA-cqmh-pcgr-q42f was published for @axonflow/openclaw (npm) May 6, 2026

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly...
Moderate · Unreviewed · CVE-2026-5335 was published May 4, 2026

A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its...
High · Unreviewed · CVE-2025-7389 was published Apr 14, 2026

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the...
Critical · Unreviewed · CVE-2019-25709 was published Apr 12, 2026

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client...
Moderate · Unreviewed · CVE-2021-47960 was published Apr 10, 2026

OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
High · GHSA-57gh-m6rq-54cf was published for openclaw (npm) Apr 3, 2026

FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Critical · CVE-2026-34361 was published for ca.uhn.hapi.fhir:org.hl7.fhir.validation (Maven) Mar 30, 2026
ProTip! Advisories are also available from the GraphQL API