GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,134
Maven: 5,000+
npm: 5,000+
NuGet: 1,013
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,419
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

572 advisories

Snipe-IT API Vulnerable to Cross-Tenant Accessory Injection
Severity: High | CVE-2026-54329 was published for snipe/snipe-it (Composer) | Jun 23, 2026

OpenAM has LDAP Injection via `_queryId` Parameter
Severity: High | CVE-2026-41573 was published for org.openidentityplatform.openam:openam-core-rest (Maven) | Jun 22, 2026

containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Severity: High | CVE-2026-53488 was published for github.com/containerd/containerd (Go) | Jun 19, 2026

Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode
Severity: High | GHSA-4jgr-pg2m-m988 was published for github.com/dadrus/heimdall (Go) | Jun 18, 2026

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an...
Severity: High | Unreviewed | CVE-2026-50107 was published | Jun 17, 2026

yt-dlp: Arbitrary code execution via manifest downloads with aria2c
Severity: High | CVE-2026-50574 was published for yt-dlp (pip) | Jun 16, 2026

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the...
Severity: High | Unreviewed | CVE-2026-12197 was published | Jun 15, 2026

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this...
Severity: High | Unreviewed | CVE-2026-12187 was published | Jun 15, 2026

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function...
Severity: High | Unreviewed | CVE-2026-12186 was published | Jun 14, 2026

GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
Severity: High | CVE-2025-27511 was published for org.geoserver.extension:gs-db2 (Maven) | Jun 11, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft...
Severity: High | Unreviewed | CVE-2026-47634 was published | Jun 9, 2026

Improper neutralization of special elements in output used by a downstream component ('injection'...
Severity: High | Unreviewed | CVE-2026-42835 was published | Jun 9, 2026

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7...
Severity: High | Unreviewed | CVE-2026-8795 was published | Jun 9, 2026

Froxlor: BIND Zone File Injection via TXT Record Content
Severity: High | CVE-2026-41234 was published for froxlor/froxlor (Composer) | Jun 3, 2026

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to...
Severity: High | Unreviewed | CVE-2026-7770 was published | Jun 1, 2026

Froxlor has an incomplete fix for CVE-2026-30932
Severity: High | CVE-2026-41237 was published for froxlor/froxlor (Composer) | May 29, 2026

Improper neutralization of special elements in output used by a downstream component ('injection'...
Severity: High | Unreviewed | CVE-2026-33833 was published | May 12, 2026

Improper neutralization of special elements in output used by a downstream component ('injection'...
Severity: High | Unreviewed | CVE-2026-26164 was published | May 8, 2026

Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection
Severity: High | CVE-2026-42334 was published for mongoose (npm) | May 5, 2026

A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the...
Severity: High | Unreviewed | CVE-2026-7833 was published | May 5, 2026

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function...
Severity: High | Unreviewed | CVE-2026-7548 was published | May 1, 2026

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function...
Severity: High | Unreviewed | CVE-2026-7160 was published | Apr 28, 2026

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element...
Severity: High | Unreviewed | CVE-2026-7039 was published | Apr 26, 2026

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if...
Severity: High | Unreviewed | CVE-2026-0972 was published | Apr 21, 2026

AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters
Severity: High | GHSA-27qh-8cxx-2cr5 was published for aws/aws-sdk-php (Composer) | Mar 27, 2026

ProTip! Advisories are also available from the GraphQL API.