GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

2,395 advisories

Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
Low | CVE-2026-45723 was published for github.com/siderolabs/omni (Go) | Jun 5, 2026

A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of...
Moderate | Unreviewed | CVE-2026-11346 was published | Jun 5, 2026

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for...
High | Unreviewed | CVE-2026-10586 was published | Jun 5, 2026

Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation
Moderate | CVE-2026-48013 was published for shopware/core (Composer) | Jun 4, 2026

A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
Moderate | Unreviewed | CVE-2026-10771 was published | Jun 4, 2026

An issue in Koha v.25.11 and before allows a remote attacker to execute arbitrary code via the...
Moderate | Unreviewed | CVE-2026-26379 was published | Jun 3, 2026

Docling Core: Unsafe remote filename resolution
High | CVE-2026-44023 was published for docling-core (pip) | Jun 3, 2026

Docling: Unsafe Playwright-based HTML Rendering
High | CVE-2026-44016 was published for docling (pip) | Jun 3, 2026

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified...
High | Unreviewed | CVE-2026-20230 was published | Jun 3, 2026

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the...
Low | Unreviewed | CVE-2026-10690 was published | Jun 3, 2026

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b....
Low | Unreviewed | CVE-2026-10662 was published | Jun 3, 2026

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
Moderate | Unreviewed | CVE-2026-49120 was published | Jun 2, 2026

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function...
Low | Unreviewed | CVE-2026-10581 was published | Jun 2, 2026

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by...
Low | Unreviewed | CVE-2026-10583 was published | Jun 2, 2026

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the...
High | Unreviewed | CVE-2026-49139 was published | Jun 1, 2026

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the...
Moderate | Unreviewed | CVE-2026-49138 was published | Jun 1, 2026

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability...
Moderate | Unreviewed | CVE-2026-10287 was published | Jun 1, 2026

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an...
Moderate | Unreviewed | CVE-2026-10280 was published | Jun 1, 2026

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects...
Low | Unreviewed | CVE-2026-10276 was published | Jun 1, 2026

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to...
Low | Unreviewed | CVE-2026-10274 was published | Jun 1, 2026

Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating...
Moderate | Unreviewed | CVE-2026-49328 was published | Jun 1, 2026

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker...
Moderate | Unreviewed | CVE-2026-10517 was published | Jun 1, 2026

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function...
Low | Unreviewed | CVE-2026-10239 was published | Jun 1, 2026

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown...
Low | Unreviewed | CVE-2026-10240 was published | Jun 1, 2026

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1....
Low | Unreviewed | CVE-2026-10241 was published | Jun 1, 2026

ProTip! Advisories are also available from the GraphQL API