Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
975
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

305 advisories

Loading
Netty: QUIC stateless reset token material exposed through header-visible connection IDs Moderate
CVE-2026-50009 was published for io.netty:netty-codec-classes-quic (Maven) Jun 15, 2026
violetagg Credited to violetagg
Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are... Moderate Unreviewed
CVE-2026-41701 was published Jun 10, 2026
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable... Moderate Unreviewed
CVE-2026-41838 was published Jun 9, 2026
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port Moderate
CVE-2026-45673 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard... Critical Unreviewed
CVE-2026-50208 was published Jun 4, 2026
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures Moderate
CVE-2026-41207 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) May 26, 2026
ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse Low
GHSA-qv2q-c278-pch5 was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd and LuiginoC LuiginoC LuiginoC
Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs,... Moderate Unreviewed
CVE-2026-44054 was published May 21, 2026
Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs Critical
CVE-2026-42155 was published for openmage/magento-lts (Composer) May 5, 2026
0x0OZ Credited to 0x0OZ
Langchain-Chatchat Uses Insufficiently Random Values Low
CVE-2026-7847 was published for langchain-chatchat (pip) May 5, 2026
Spring Boot's random value property source uses a weak PRNG unsuitable for secrets Moderate
CVE-2026-40975 was published for org.springframework.boot:spring-boot-cassandra (Maven) Apr 28, 2026
DNN: Same HostGUID for all new installs Moderate
CVE-2026-40306 was published for DotNetNuke.Core (NuGet) Apr 10, 2026
meetmandeep Credited to meetmandeep, donker, and valadas donker donker
valadas valadas
Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter Moderate
GHSA-ch86-pxr9-j9h9 was published for openclaw (npm) Apr 3, 2026 withdrawn
openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection Moderate
GHSA-vfgx-5q85-58q3 was published for openssl-encrypt (pip) Mar 31, 2026
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive... High Unreviewed
CVE-2024-51346 was published Mar 25, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable... High Unreviewed
CVE-2026-25072 was published Mar 7, 2026
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA... High Unreviewed
CVE-2026-20101 was published Mar 4, 2026
Gradio has an Open Redirect in its OAuth Flow Moderate
CVE-2026-28415 was published for gradio (pip) Mar 1, 2026
logicx24 Credited to logicx24
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier... Critical Unreviewed
CVE-2026-27755 was published Feb 27, 2026
Fleet: Device lock PIN can be predicted if lock time is known Moderate
CVE-2026-23999 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate... Critical Unreviewed
CVE-2026-27515 was published Feb 24, 2026
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing High
GHSA-hv93-r4j3-q65f was published for openclaw (npm) Feb 17, 2026
alpernae Credited to alpernae
When connecting to the Solax Cloud MQTT server the username is the "registration number", which... Moderate Unreviewed
CVE-2025-15574 was published Feb 12, 2026
Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness Low
GHSA-rjr4-v43m-pxq6 was published for triton-vm (Rust) Jan 21, 2026
knqyf263 Credited to knqyf263
Jervis Has Weak Random for Timing Attack Mitigation High
CVE-2025-68704 was published for net.gleske:jervis (Maven) Jan 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database