GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

160,669 advisories

AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.php Moderate
CVE-2026-35181 was published for wwbn/avideo (Composer) Apr 3, 2026
Credited to adrgs and aisafe-bot
AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php Moderate
CVE-2026-35179 was published for wwbn/avideo (Composer) Apr 3, 2026
Credited to adrgs and aisafe-bot
Hugo: Certain markdown links are not properly escaped Moderate
CVE-2026-35166 was published for github.com/gohugoio/hugo (Go) Apr 3, 2026
Credited to cataliniovita
D-Tale: Remote Code Execution through redis/shelf storage Moderate
CVE-2026-35052 was published for dtale (pip) Apr 3, 2026
Credited to QiaoNPC
vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server Moderate
CVE-2026-34756 was published for vllm (pip) Apr 3, 2026
Credited to ez-lbz, russellb, and jperezdealgaba
vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url` Moderate
CVE-2026-34753 was published for vllm (pip) Apr 3, 2026
Credited to Fushuling, L2ncE, TsingShui, l2yyd5, Danthology, iharee, BoyiZhao, russellb, jperezdealgaba, and Victor-code-Y
SandboxJS: Sandbox Escape via Prop Object Leak in New Handler Moderate
CVE-2026-34217 was published for @nyariv/sandboxjs (npm) Apr 3, 2026
Credited to chawdamrunal
SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser Moderate
CVE-2026-34211 was published for @nyariv/sandboxjs (npm) Apr 3, 2026
Credited to offset
phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure Moderate
CVE-2026-34973 was published for thorsten/phpmyfaq (Composer) Apr 1, 2026
Credited to athuljayaram
esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages Moderate
CVE-2026-28809 was published for esaml (Erlang) Mar 23, 2026
Signal K Server: Unauthenticated Source Priorities Manipulation Moderate
CVE-2026-33951 was published for signalk-server (npm) Apr 3, 2026
Credited to VashuVats
AIOHTTP has a Multipart Header Size Bypass Moderate
CVE-2026-34516 was published for aiohttp (pip) Apr 1, 2026
Credited to bekkaze and Dreamsorcerer
Electron: AppleScript injection in app.moveToApplicationsFolder on macOS Moderate
CVE-2026-34779 was published for electron (npm) Apr 3, 2026
Electron: Service worker can spoof executeJavaScript IPC replies Moderate
CVE-2026-34778 was published for electron (npm) Apr 3, 2026
Electron: Incorrect origin passed to permission request handler for iframe requests Moderate
CVE-2026-34777 was published for electron (npm) Apr 3, 2026
Electron: Out-of-bounds read in second-instance IPC on macOS and Linux Moderate
CVE-2026-34776 was published for electron (npm) Apr 3, 2026
Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes Moderate
CVE-2026-34775 was published for electron (npm) Apr 3, 2026
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows Moderate
CVE-2026-34773 was published for electron (npm) Apr 3, 2026
Electron: Use-after-free in download save dialog callback Moderate
CVE-2026-34772 was published for electron (npm) Apr 3, 2026
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest Moderate
CVE-2026-34767 was published for electron (npm) Apr 3, 2026
LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service) Moderate
CVE-2026-34052 was published for jupyterhub-ltiauthenticator (pip) Apr 3, 2026
Credited to yueyueL
ProTip! Advisories are also available from the GraphQL API