GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
123 advisories

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff...
High | Unreviewed | CVE-2026-9753 was published Jun 10, 2026

When OIDC authentication is enabled in configuration, clients may set specific values in the ...
High | Unreviewed | CVE-2026-9742 was published Jun 10, 2026

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to...
Moderate | Unreviewed | CVE-2024-6858 was published Jun 5, 2026

Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection
Moderate | CVE-2026-47675 was published for hono (npm) Jun 4, 2026

Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
Moderate | CVE-2026-45069 was published for symfony/security-http (Composer) May 27, 2026

A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on...
High | Unreviewed | CVE-2026-40851 was published May 27, 2026

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14...
Moderate | Unreviewed | CVE-2026-4646 was published May 26, 2026

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A...
Low | Unreviewed | CVE-2026-7887 was published May 22, 2026

An ACAP configuration file lacked sufficient input validation, which could allow command...
Moderate | Unreviewed | CVE-2026-0802 was published May 12, 2026

Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
High | CVE-2026-33806 was published for fastify (npm) Apr 15, 2026

TSPortal: Any user can forge self-deletion requests for any account
High | CVE-2026-29788 was published for miraheze/ts-portal (Composer) Mar 27, 2026

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that...
Moderate | Unreviewed | CVE-2019-25596 was published Mar 22, 2026

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
High | CVE-2026-2092 was published for org.keycloak:keycloak-saml-adapter-core (Maven) Mar 18, 2026

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle...
Moderate | Unreviewed | CVE-2026-2454 was published Mar 16, 2026

Mattermost fails to properly validate User-Agent header tokens
Moderate | CVE-2026-25783 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing...
High | Unreviewed | CVE-2026-20074 was published Mar 11, 2026

Improper validation of specified type of input in SQL Server allows an authorized attacker to...
High | Unreviewed | CVE-2026-26115 was published Mar 10, 2026

Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock...
High | Unreviewed | CVE-2026-25179 was published Mar 10, 2026

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few...
Moderate | Unreviewed | CVE-2026-2003 was published Feb 12, 2026

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator...
High | Unreviewed | CVE-2026-2004 was published Feb 12, 2026

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE)...
High | Unreviewed | CVE-2026-20119 was published Feb 4, 2026

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2026-24307 was published Jan 23, 2026

Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in
Moderate | CVE-2025-12689 was published for github.com/mattermost/mattermost-plugin-calls (Go) Dec 17, 2025

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection
Low | CVE-2025-13352 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025

An unauthorised attacker within bluetooth range may use an improper validation during the BLE...
Moderate | Unreviewed | CVE-2024-2105 was published Dec 10, 2025

ProTip! Advisories are also available from the GraphQL API