GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,221 advisories
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to...
Critical | Unreviewed | CVE-2021-47952 was published May 16, 2026
libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to...
Critical | Unreviewed | CVE-2020-37239 was published May 16, 2026
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that...
Critical | Unreviewed | CVE-2020-37228 was published May 16, 2026
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload...
Critical | Unreviewed | CVE-2021-47965 was published May 15, 2026
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts...
Critical | Unreviewed | CVE-2026-45010 was published May 15, 2026
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha:...
Critical | Unreviewed | CVE-2026-46364 was published May 15, 2026
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud...
Critical | Unreviewed | CVE-2026-2031 was published May 15, 2026
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code...
Critical | Unreviewed | CVE-2026-41553 was published May 15, 2026
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML...
Critical | Unreviewed | CVE-2026-7182 was published May 15, 2026
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal...
Critical | Unreviewed | CVE-2026-41552 was published May 15, 2026
The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and...
Critical | Unreviewed | CVE-2026-5229 was published May 15, 2026
A supply chain attack compromised the official installation packages of DAEMON Tools Lite ...
Critical | Unreviewed | CVE-2026-8398 was published May 15, 2026
Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a...
Critical | Unreviewed | CVE-2026-0481 was published May 15, 2026
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows...
Critical | Unreviewed | CVE-2026-8634 was published May 14, 2026
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to...
Critical | Unreviewed | CVE-2026-8580 was published May 14, 2026
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to...
Critical | Unreviewed | CVE-2026-8511 was published May 14, 2026
vm2 Has a Sandbox Breakout Using Async Generator
Critical | CVE-2026-45411 was published for vm2 (npm) May 14, 2026
utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
Critical | CVE-2026-45369 was published for utcp-cli (pip) May 14, 2026
Marten has an injection vulnerability in its full-text search regConfig parameter
Critical | CVE-2026-45288 was published for Marten (NuGet) May 14, 2026
@samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation
Critical | GHSA-wf8q-wvv8-p8jf was published for @samanhappy/mcphub (npm) May 14, 2026
Electerm Local code through electerm's single-instance socket
Critical | CVE-2026-45353 was published for electerm (npm) May 14, 2026
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
Critical | CVE-2026-45374 was published for deepseek-tui (Rust) May 14, 2026
DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
Critical | CVE-2026-45311 was published for deepseek-tui (npm) May 14, 2026
Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark
Critical | CVE-2026-45058 was published for electerm (npm) May 14, 2026
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an...
Critical | Unreviewed | CVE-2026-41615 was published May 14, 2026
ProTip! Advisories are also available from the GraphQL API