Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

13,508 advisories

Loading
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP... Low Unreviewed
CVE-2026-4359 was published Mar 17, 2026
astral-tokio-tar insufficiently validates PAX extensions during extraction Low
CVE-2026-32766 was published for astral-tokio-tar (Rust) Mar 17, 2026
woodruffw Credited to woodruffw and xokdvium xokdvium xokdvium
Parse Server has a password reset token single-use bypass via concurrent requests Low
GHSA-r3xq-68wh-gwvh was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Next.js: null origin can bypass dev HMR websocket CSRF checks Low
CVE-2026-27977 was published for next (npm) Mar 17, 2026
radu33 Credited to radu33 and xdavidhu xdavidhu xdavidhu
HCL Sametime is vulnerable to broken server-side validation. While the application performs... Low Unreviewed
CVE-2025-31966 was published Mar 17, 2026
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the ... Low Unreviewed
CVE-2026-3633 was published Mar 17, 2026
A flaw was found in libsoup, a library used by applications to send network requests. This... Low Unreviewed
CVE-2026-3632 was published Mar 17, 2026
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type... Low Unreviewed
CVE-2026-3634 was published Mar 17, 2026
The extension fails to verify, if an authenticated user has permissions to access to redirects... Low Unreviewed
CVE-2026-4202 was published Mar 17, 2026
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an... Low Unreviewed
CVE-2026-3237 was published Mar 17, 2026
Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the... Low Unreviewed
CVE-2026-26230 was published Mar 16, 2026
A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this... Low Unreviewed
CVE-2026-4251 was published Mar 16, 2026
A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on... Low Unreviewed
CVE-2026-4250 was published Mar 16, 2026
Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability Low
CVE-2026-32266 was published for craftcms/google-cloud (Composer) Mar 16, 2026
Stored XSS in Memray-generated HTML reports via unescaped command-line metadata Low
CVE-2026-32722 was published for memray (pip) Mar 16, 2026
0xmrma Credited to 0xmrma
XSS in @leanprover/unicode-input-component Low
CVE-2026-32732 was published for @leanprover/unicode-input-component (npm) Mar 16, 2026
StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens Low
CVE-2026-32638 was published for studiocms (npm) Mar 16, 2026
restriction Credited to restriction and Adammatthiesen Adammatthiesen Adammatthiesen
Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when... Low Unreviewed
CVE-2026-22545 was published Mar 16, 2026
A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown... Low Unreviewed
CVE-2026-4243 was published Mar 16, 2026
A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on... Low Unreviewed
CVE-2026-4242 was published Mar 16, 2026
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through... Low Unreviewed
CVE-2025-52642 was published Mar 16, 2026
HCL AION is affected by a vulnerability where certain offering configurations may permit... Low Unreviewed
CVE-2025-52646 was published Mar 16, 2026
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper... Low Unreviewed
CVE-2025-52636 was published Mar 16, 2026
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not... Low Unreviewed
CVE-2025-52645 was published Mar 16, 2026
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This... Low Unreviewed
CVE-2026-4217 was published Mar 16, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database