GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

1,011 advisories

Apache Polaris has an Improper Input Validation issue
Severity: Critical. CVE-2026-42811 was published for org.apache.polaris:polaris-core (Maven) on May 4, 2026.

Apache Polaris has an Improper Input Validation Issue
Severity: Critical. CVE-2026-42809 was published for org.apache.polaris:polaris-runtime-service (Maven) on May 4, 2026.

Apache Polaris has an Improper Input Validation issue
Severity: Critical. CVE-2026-42812 was published for org.apache.polaris:polaris-runtime-service (Maven) on May 4, 2026.

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Severity: Critical. GHSA-wpqr-6v78-jr5g was published for @google/gemini-cli (GitHub Actions) on Apr 24, 2026.

nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
Severity: Critical. CVE-2026-33471 was published for nimiq-block (Rust) on Apr 22, 2026.

Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Severity: Critical. CVE-2026-32604 was published for io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo (Maven) on Apr 21, 2026.

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation...
Severity: Critical (Unreviewed). CVE-2026-27304 was published on Apr 15, 2026.

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a...
Severity: Critical (Unreviewed). CVE-2026-22563 was published on Apr 14, 2026.

nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Severity: Critical. CVE-2026-40093 was published for nimiq-blockchain (Rust) on Apr 10, 2026.

LXD: Importing a crafted backup leads to project restriction bypass
Severity: Critical. CVE-2026-34178 was published for github.com/canonical/lxd (Go) on Apr 10, 2026.

Memory-safety vulnerability in github.com/jackc/pgx/v5.
Severity: Critical. CVE-2026-33816 was published for github.com/jackc/pgx/v5 (Go) on Apr 7, 2026.

fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
Severity: Critical. CVE-2026-34950 was published for fast-jwt (npm) on Apr 2, 2026.

A vulnerability in the change password functionality of Cisco Integrated Management Controller ...
Severity: Critical (Unreviewed). CVE-2026-20093 was published on Apr 1, 2026.

wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
Severity: Critical. CVE-2026-34243 was published for njzjz/wenxian (GitHub Actions) on Mar 29, 2026.

In its design for automatic terminal command execution, AI Code offers two options: Execute safe...
Severity: Critical (Unreviewed). CVE-2026-30304 was published on Mar 27, 2026.

OpenBao has Reflected XSS in its OIDC authentication error message
Severity: Critical. CVE-2026-33758 was published for github.com/openbao/openbao (Go) on Mar 26, 2026.

CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android...
Severity: Critical (Unreviewed). CVE-2026-4755 was published on Mar 24, 2026.

SM9 Infinity-Point Ciphertext Forgery Vulnerability
Severity: Critical. CVE-2026-32614 was published for github.com/emmansun/gmsm (Go) on Mar 13, 2026.

RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
Severity: Critical. CVE-2026-30960 was published for rssn (Rust) on Mar 10, 2026.

Apache IoTDB has an Improper Input Validation vulnerability
Severity: Critical. CVE-2026-24713 was published for org.apache.iotdb:iotdb-core (Maven) on Mar 9, 2026.

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation...
Severity: Critical (Unreviewed). CVE-2026-0848 was published on Mar 5, 2026.

Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a...
Severity: Critical (Unreviewed). CVE-2026-3545 was published on Mar 4, 2026.

Improper enforcement of the Disable password saving in vaults setting in the connection entry...
Severity: Critical (Unreviewed). CVE-2026-2590 was published on Mar 4, 2026.

Improper input validation in the error message page in Devolutions Server 2025.3.15 and earlier...
Severity: Critical (Unreviewed). CVE-2026-3204 was published on Mar 4, 2026.

A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb...
Severity: Critical (Unreviewed). CVE-2024-55020 was published on Mar 3, 2026.

ProTip! Advisories are also available from the GraphQL API.