GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

339,386 advisories

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a...
Severity: Moderate. Unreviewed. CVE-2026-50244 was published Jun 12, 2026.

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt...
Severity: Critical. Unreviewed. CVE-2026-28742 was published Jun 12, 2026.

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and...
Severity: Moderate. Unreviewed. CVE-2026-50099 was published Jun 12, 2026.

MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header...
Severity: High. Unreviewed. CVE-2026-54359 was published Jun 12, 2026.

An incorrect visibility condition in the MISP event template builder allowed authenticated non...
Severity: Moderate. Unreviewed. CVE-2026-54362 was published Jun 12, 2026.

An incorrect authorization vulnerability in MISP allows an organization administrator to target...
Severity: High. Unreviewed. CVE-2026-54358 was published Jun 12, 2026.

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The...
Severity: Moderate. Unreviewed. CVE-2026-54393 was published Jun 12, 2026.

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event...
Severity: Moderate. Unreviewed. CVE-2026-54397 was published Jun 12, 2026.

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a...
Severity: High. Unreviewed. CVE-2026-54360 was published Jun 12, 2026.

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in...
Severity: Moderate. Unreviewed. CVE-2026-24618 was published Jun 12, 2026.

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a...
Severity: Moderate. Unreviewed. CVE-2026-54396 was published Jun 12, 2026.

An improper authorization vulnerability in MISP allowed an authenticated organization...
Severity: Moderate. Unreviewed. CVE-2026-54357 was published Jun 12, 2026.

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by...
Severity: Low. Unreviewed. CVE-2026-12129 was published Jun 12, 2026.

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This...
Severity: Low. Unreviewed. CVE-2026-12130 was published Jun 12, 2026.

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag...
Severity: High. Unreviewed. CVE-2026-54361 was published Jun 12, 2026.

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The...
Severity: Moderate. Unreviewed. CVE-2026-54395 was published Jun 12, 2026.

QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS...
Severity: Critical. Unreviewed. CVE-2025-66276 was published Jun 10, 2026.

File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
Severity: High. CVE-2026-54096 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026.

ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing
Severity: Moderate. GHSA-vc8p-8pxg-rfwg was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026.

ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Severity: Moderate. GHSA-ch3q-cw5r-f4hg was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026.

Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.
Severity: Critical. CVE-2026-47430 was published for cordova-plugin-inappbrowser (npm) Jun 8, 2026.

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
Severity: High. CVE-2026-54097 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026.

Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint
Severity: Moderate. CVE-2026-46371 was published for github.com/fleetdm/fleet/v4 (Go) Jun 12, 2026.

Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
Severity: Moderate. CVE-2026-46370 was published for github.com/fleetdm/fleet/v4 (Go) Jun 12, 2026.

Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization
Severity: Moderate. CVE-2026-44311 was published for fabric (npm) Jun 12, 2026.

ProTip! Advisories are also available from the GraphQL API.