GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20 advisories
n8n: Merge Node SQL Mode Prototype Pollution
Moderate
CVE-2026-54311 was published for n8n (npm) on Jun 16, 2026
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script...
High
Unreviewed
CVE-2026-23919 was published on Mar 24, 2026
Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Moderate
CVE-2026-27492 was published for lettermint (npm) on Feb 20, 2026
Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly...
Moderate
Unreviewed
CVE-2025-24934 was published on Oct 22, 2025
An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to...
High
Unreviewed
CVE-2025-30073 was published on Mar 26, 2025
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall...
Moderate
Unreviewed
CVE-2025-2312 was published on Mar 25, 2025
Quarkus REST Endpoint Request Parameter Leakage Due to Shared Instance
High
CVE-2025-1247 was published for io.quarkus:quarkus-rest (Maven) on Feb 13, 2025
pgAdmin has Incorrect Default Permissions
High
CVE-2023-1907 was published for pgadmin4 (pip) on Jan 9, 2025
The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate
Unreviewed
CVE-2024-11094 was published on Nov 16, 2024
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when...
Moderate
Unreviewed
CVE-2024-7049 was published on Oct 10, 2024
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon...
High
Unreviewed
CVE-2024-5148 was published on Sep 2, 2024
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All...
High
Unreviewed
CVE-2024-41977 was published on Aug 13, 2024
Undertow's url-encoded request path information can be broken on ajp-listener
High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) on Jun 20, 2024
TYPO3 Security Misconfiguration in Frontend Session Handling
High
GHSA-82vp-jr39-4j2j was published for typo3/cms-core (Composer) on May 30, 2024
This vulnerability potentially allows unauthorized enumeration of information from the embedded...
Moderate
Unreviewed
CVE-2024-1223 was published on Mar 14, 2024
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
High
CVE-2024-27935 was published for deno (Rust) on Mar 5, 2024
In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user...
Critical
Unreviewed
CVE-2024-27455 was published on Feb 26, 2024
Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows...
High
Unreviewed
CVE-2023-6519 was published on Feb 8, 2024
Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may...
High
Unreviewed
CVE-2022-40210 was published on May 10, 2023
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Moderate
CVE-2022-3916 was published for org.keycloak:keycloak-parent (Maven) on Dec 13, 2022
ProTip! Advisories are also available from the GraphQL API