GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
339,386 advisories
CVE-2026-54395 (Moderate, Unreviewed), published Jun 12, 2026: MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The...
CVE-2026-50244 (Moderate, Unreviewed), published Jun 12, 2026: The Naxclow platform exposes a registration endpoint that accepts signed requests containing a...
CVE-2026-54359 (High, Unreviewed), published Jun 12, 2026: MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header...
CVE-2026-54358 (High, Unreviewed), published Jun 12, 2026: An incorrect authorization vulnerability in MISP allows an organization administrator to target...
CVE-2026-53408 (High, Unreviewed), published Jun 12, 2026: Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4...
CVE-2026-54360 (High, Unreviewed), published Jun 12, 2026: A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a...
CVE-2026-24618 (Moderate, Unreviewed), published Jun 12, 2026: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
CVE-2026-54357 (Moderate, Unreviewed), published Jun 12, 2026: An improper authorization vulnerability in MISP allowed an authenticated organization...
CVE-2026-12129 (Low, Unreviewed), published Jun 12, 2026: A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by...
CVE-2026-12130 (Low, Unreviewed), published Jun 12, 2026: A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This...
CVE-2026-54361 (High, Unreviewed), published Jun 12, 2026: MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag...
CVE-2026-42947 (High, Unreviewed), published Jun 12, 2026: A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then...
CVE-2026-53407 (High, Unreviewed), published Jun 12, 2026: Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4...
CVE-2026-42932 (Moderate, Unreviewed), published Jun 12, 2026: Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters,...
CVE-2026-50108 (High, Unreviewed), published Jun 12, 2026: The Naxclow platform API that returns device relay registration details exposes a persistent...
CVE-2026-50099 (Moderate, Unreviewed), published Jun 12, 2026: During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and...
CVE-2026-50101 (Critical, Unreviewed), published Jun 12, 2026: Naxclow devices use a server-side, per-device relay credential that never rotates and is re...
CVE-2026-28742 (Critical, Unreviewed), published Jun 12, 2026: Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt...
CVE-2026-10715 (Moderate, Unreviewed), published Jun 12, 2026: Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft...
CVE-2026-54096 (High), published Jun 12, 2026 for github.com/filebrowser/filebrowser (Go): File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
GHSA-vc8p-8pxg-rfwg (Moderate), published Jun 12, 2026 for org.connectbot.sshlib:sshlib (Maven): ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing
GHSA-ch3q-cw5r-f4hg (Moderate), published Jun 12, 2026 for org.connectbot.sshlib:sshlib (Maven): ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
CVE-2026-54097 (High), published Jun 12, 2026 for github.com/filebrowser/filebrowser (Go): File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
CVE-2026-46371 (Moderate), published Jun 12, 2026 for github.com/fleetdm/fleet/v4 (Go): Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint
CVE-2026-46370 (Moderate), published Jun 12, 2026 for github.com/fleetdm/fleet/v4 (Go): Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint