GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,115 advisories

OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering Moderate
CVE-2026-53541 was published for github.com/OliveTin/OliveTin (Go) Jun 24, 2026
Credited to iconnnjka
OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration Low
CVE-2026-48709 was published for github.com/OliveTin/OliveTin (Go) Jun 24, 2026
Credited to offset
OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination High
CVE-2026-48708 was published for github.com/OliveTin/OliveTin (Go) Jun 24, 2026
Credited to knight-yagami
OpenTofu: Provider cache installation follows root-module-controlled package directory symlink and writes outside the working tree Moderate
GHSA-wcmj-x466-56mm was published for github.com/opentofu/opentofu (Go) Jun 23, 2026
opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent Moderate
CVE-2026-48496 was published for go.opentelemetry.io/ebpf-profiler (Go) Jun 23, 2026
Credited to alban, christos68k, and florianl
Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir High
CVE-2026-48126 was published for github.com/xyproto/algernon (Go) Jun 23, 2026
Credited to fg0x0
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS Moderate
CVE-2026-52816 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to JLGitHub66
Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API Moderate
CVE-2026-52815 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to M0oo0ry
Gogs has Path Traversal in organization name that results in RCE through Git hooks Critical
CVE-2026-52813 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to Aikido-Security, JorianWoltjer, and grumpinout1
Gogs: LFS dedupe path leaks private repo content across tenants High
CVE-2026-52812 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to amwhoi
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym Critical
CVE-2026-52811 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to amwhoi
Credited to Aikido-Security, JorianWoltjer, and grumpinout1
Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES Moderate
CVE-2026-52809 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to bugbunny-research
Gogs's write-level collaborators can mutate admin-only repository settings via API High
CVE-2026-52808 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to bugbunny-research
Gogs has DOM-based XSS via Milestone Name on New Issue Page High
CVE-2026-52807 was published for gogs.io/gogs (Go) Jun 23, 2026
Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge Critical
CVE-2026-52806 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to Crypto-Cat
Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft High
CVE-2026-52805 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to u-ktdi
Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation Moderate
CVE-2026-52804 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to CE2Sec
Gogs has an Open Redirect via redirect_to Moderate
CVE-2026-52802 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to quirmz
Gogs has the ability to import local repositories via Mirror Settings High
CVE-2026-52801 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to KKC73
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover High
CVE-2026-52800 was published for gogs.io/gogs (Go) Jun 23, 2026
Credited to odgrso
Gogs Missing Authorization in Attachment Download High
CVE-2026-52799 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to odgrso
Gogs has Stored XSS in `.ipynb` Preview High
CVE-2026-52798 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to odgrso
Gogs has DoS in rendering issue index pattern Low
CVE-2026-52796 was published for gogs.io/gogs (Go) Jun 22, 2026
Credited to BaiMeow