GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,196
Maven: 5,000+
npm: 5,000+
NuGet: 864
pip: 4,483
Pub: 12
RubyGems: 992
Rust: 1,186
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
13,507 advisories
A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1...
Low | Unreviewed | CVE-2026-4219 was published Mar 16, 2026
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature....
Low | Unreviewed | CVE-2025-52649 was published Mar 16, 2026
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from...
Low | Unreviewed | CVE-2026-32772 was published Mar 16, 2026
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after...
Low | Unreviewed | CVE-2026-32778 was published Mar 16, 2026
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of...
Low | Unreviewed | CVE-2025-71264 was published Mar 16, 2026
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input....
Low | Unreviewed | CVE-2025-26474 was published Mar 16, 2026
in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of...
Low | Unreviewed | CVE-2026-0639 was published Mar 16, 2026
IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service...
Low | Unreviewed | CVE-2025-13459 was published Mar 16, 2026
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Low | CVE-2026-27448 was published for pyopenssl (pip) Mar 16, 2026
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows...
Low | Unreviewed | CVE-2026-32445 was published Mar 13, 2026
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to...
Low | Unreviewed | CVE-2026-22210 was published Mar 13, 2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could...
Low | Unreviewed | CVE-2025-13718 was published Mar 13, 2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could...
Low | Unreviewed | CVE-2025-14811 was published Mar 13, 2026
Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning
Low | GHSA-q926-c743-49qj was published for github.com/centrifugal/centrifugo/v6 (Go) Mar 13, 2026
OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Low | GHSA-qvr7-g57c-mrc7 was published for openclaw (npm) Mar 13, 2026
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even...
Low | Unreviewed | CVE-2025-13462 was published Mar 12, 2026
Sveltejs devalue's `devalue.parse` and `devalue.unflatten` emit objects with `__proto__` own properties
Low | GHSA-mwv9-gp5h-frr4 was published for devalue (npm) Mar 12, 2026
@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch
Low | CVE-2026-32236 was published for @backstage/plugin-auth-backend (npm) Mar 12, 2026
Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
Low | CVE-2026-32109 was published for copyparty (pip) Mar 12, 2026
Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
Low | CVE-2026-32108 was published for copyparty (pip) Mar 12, 2026
Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity
Low | CVE-2026-31873 was published for unhead (npm) Mar 12, 2026
Keycloak vulnerable to authorization bypass via the Admin API
Low | CVE-2026-2366 was published for @keycloak/keycloak-admin-client (Maven) Mar 12, 2026
A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The...
Low | Unreviewed | CVE-2026-4012 was published Mar 12, 2026
@whyour/qinglong: manipulation of the argument command leads to protection mechanism failure
Low | CVE-2026-3965 was published for @whyour/qinglong (npm) Mar 12, 2026
Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71...
Low | Unreviewed | CVE-2026-3929 was published Mar 12, 2026
ProTip! Advisories are also available from the GraphQL API.