GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
160,669 advisories
Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows...
Severity: Moderate. Unreviewed. CVE-2025-7006 was published Jun 13, 2026.
Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a...
Severity: Moderate. Unreviewed. CVE-2025-7010 was published Jun 13, 2026.
Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file...
Severity: Moderate. Unreviewed. CVE-2025-7005 was published Jun 13, 2026.
@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input
Severity: Moderate. CVE-2026-42853 was published for @apostrophecms/cli (npm) May 14, 2026.
actual Allows Electron to Run As Node
Severity: Moderate. CVE-2026-42890 was published for actual (npm) Jun 8, 2026.
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Severity: Moderate. CVE-2026-47248 was published for parse-server (npm) May 29, 2026.
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
Severity: Moderate. CVE-2026-41568 was published for github.com/docker/docker (Go) May 18, 2026.
File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames
Severity: Moderate. CVE-2026-54093 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026.
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
Severity: Moderate. CVE-2026-54094 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026.
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
Severity: Moderate. CVE-2026-41726 was published for org.springframework.kafka:spring-kafka (Maven) Jun 10, 2026.
A path traversal vulnerability has been reported to affect several QNAP operating system versions...
Severity: Moderate. Unreviewed. CVE-2026-24717 was published Jun 10, 2026.
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters,...
Severity: Moderate. Unreviewed. CVE-2026-42932 was published Jun 12, 2026.
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The...
Severity: Moderate. Unreviewed. CVE-2026-54394 was published Jun 12, 2026.
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft...
Severity: Moderate. Unreviewed. CVE-2026-10715 was published Jun 12, 2026.
The Naxclow platform exposes a registration endpoint that accepts signed requests containing a...
Severity: Moderate. Unreviewed. CVE-2026-50244 was published Jun 12, 2026.
During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and...
Severity: Moderate. Unreviewed. CVE-2026-50099 was published Jun 12, 2026.
An incorrect visibility condition in the MISP event template builder allowed authenticated non...
Severity: Moderate. Unreviewed. CVE-2026-54362 was published Jun 12, 2026.
A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The...
Severity: Moderate. Unreviewed. CVE-2026-54393 was published Jun 12, 2026.
A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event...
Severity: Moderate. Unreviewed. CVE-2026-54397 was published Jun 12, 2026.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Severity: Moderate. Unreviewed. CVE-2026-24618 was published Jun 12, 2026.
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a...
Severity: Moderate. Unreviewed. CVE-2026-54396 was published Jun 12, 2026.
An improper authorization vulnerability in MISP allowed an authenticated organization...
Severity: Moderate. Unreviewed. CVE-2026-54357 was published Jun 12, 2026.
MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The...
Severity: Moderate. Unreviewed. CVE-2026-54395 was published Jun 12, 2026.
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing
Severity: Moderate. GHSA-vc8p-8pxg-rfwg was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026.
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Severity: Moderate. GHSA-ch3q-cw5r-f4hg was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026.