GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 975
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

387 advisories

launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
Moderate | CVE-2026-53632 was published for launch-editor (npm) | Jun 15, 2026

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently...
Moderate | Unreviewed | CVE-2026-34030 was published | Jun 15, 2026

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite...
High | Unreviewed | CVE-2026-11527 was published | Jun 14, 2026

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open()...
Critical | Unreviewed | CVE-2026-11526 was published | Jun 14, 2026

GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
High | CVE-2025-52465 was published for org.geoserver.web:gs-web-app (Maven) | Jun 12, 2026

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2026-47643 was published | Jun 9, 2026

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to...
Low | Unreviewed | CVE-2025-12656 was published | Jun 6, 2026

Docling Core: Insufficient validation of image reference URIs
High | CVE-2026-44019 was published for docling-core (pip) | Jun 3, 2026

Docling: Unsafe URI and Path Handling in HTML Backend
High | CVE-2026-47214 was published for docling (pip) | Jun 3, 2026

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load...
Moderate | Unreviewed | CVE-2026-20175 was published | Jun 3, 2026

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local...
High | Unreviewed | CVE-2026-35079 was published | Jun 3, 2026

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local...
High | Unreviewed | CVE-2026-35078 was published | Jun 3, 2026

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary...
High | Unreviewed | CVE-2026-35080 was published | Jun 3, 2026

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary...
High | Unreviewed | CVE-2026-35077 was published | Jun 3, 2026

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local...
High | Unreviewed | CVE-2026-35076 was published | Jun 3, 2026

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this...
Moderate | Unreviewed | CVE-2026-10694 was published | Jun 3, 2026

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an...
Low | Unreviewed | CVE-2026-10559 was published | Jun 2, 2026

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an...
Low | Unreviewed | CVE-2026-10558 was published | Jun 2, 2026

rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Moderate | CVE-2026-47425 was published for py-rattler (pip) | Jun 1, 2026

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
High | CVE-2026-46345 was published for compliance-trestle (pip) | May 28, 2026

compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal
High | CVE-2026-45725 was published for compliance-trestle (pip) | May 27, 2026

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64`...
High | Unreviewed | CVE-2026-48920 was published | May 27, 2026

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in...
Moderate | Unreviewed | CVE-2025-0898 was published | May 27, 2026

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file...
Critical | Unreviewed | CVE-2026-8450 was published | May 27, 2026

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL...
Critical | Unreviewed | CVE-2026-47358 was published | May 19, 2026

ProTip! Advisories are also available from the GraphQL API