GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
568 advisories
pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules
Critical | CVE-2026-7813 was published for pgadmin4 (pip) | May 11, 2026

Snipe-IT has insecure permissions in file uploads
Critical | CVE-2026-37709 was published for snipe/snipe-it (Composer) | May 8, 2026

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the...
Critical | Unreviewed | CVE-2025-69691 was published | May 8, 2026

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized...
Critical | Unreviewed | CVE-2026-33109 was published | May 8, 2026

vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
Critical | CVE-2026-44007 was published for vm2 (npm) | May 7, 2026

phpVMS has an /importer authorization bypass causing full database wipe
Critical | CVE-2026-42569 was published for nabeel/phpvms (Composer) | May 4, 2026

An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically...
Critical | Unreviewed | CVE-2026-5779 was published | Apr 28, 2026

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24303 was published | Apr 24, 2026

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical | Unreviewed | CVE-2026-34287 was published | Apr 21, 2026

goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files
Critical | CVE-2026-31843 was published for goodoneuz/pay-uz (Composer) | Apr 16, 2026

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi...
Critical | Unreviewed | CVE-2026-22564 was published | Apr 14, 2026

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can...
Critical | Unreviewed | CVE-2026-31282 was published | Apr 13, 2026

MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org...
Critical | Unreviewed | CVE-2026-31272 was published | Apr 7, 2026

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper...
Critical | Unreviewed | CVE-2026-1114 was published | Apr 7, 2026

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow...
Critical | Unreviewed | CVE-2026-35616 was published | Apr 4, 2026

Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6...
Critical | Unreviewed | CVE-2021-4477 was published | Apr 4, 2026

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2026-2699 was published | Apr 2, 2026

An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio...
Critical | Unreviewed | CVE-2026-0898 was published | Mar 23, 2026

AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection
Critical | CVE-2026-33478 was published for wwbn/avideo (Composer) | Mar 20, 2026

Langflow has an Arbitrary File Write (RCE) via v2 API
Critical | CVE-2026-33309 was published for langflow (pip) | Mar 19, 2026

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product...
Critical | Unreviewed | CVE-2026-21994 was published | Mar 18, 2026

SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service
Critical | CVE-2026-32938 was published for github.com/siyuan-note/siyuan/kernel (Go) | Mar 17, 2026

File Browser Signup Grants Admin When Default Permissions Include Admin
Critical | CVE-2026-32760 was published for github.com/filebrowser/filebrowser/v2 (Go) | Mar 16, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21666 was published | Mar 12, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21667 was published | Mar 12, 2026

ProTip! Advisories are also available from the GraphQL API