Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

153,752 advisories

Loading
DOMPurify is vulnerable to mutation-XSS via Re-Contextualization Moderate
GHSA-h8r8-wccr-v5f2 was published for dompurify (npm) Mar 27, 2026
researchatfluidattacks Credited to researchatfluidattacks and caverav caverav caverav
Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField Moderate
CVE-2026-33433 was published for github.com/traefik/traefik/v2 (Go) Mar 27, 2026
0xVijay Credited to 0xVijay
A Fleet team maintainer can transfer hosts from any team via missing source team authorization Moderate
CVE-2026-29180 was published for github.com/fleetdm/fleet/v4 (Go) Mar 27, 2026
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without... Moderate Unreviewed
CVE-2026-34411 was published Mar 27, 2026
A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function... Moderate Unreviewed
CVE-2026-4963 was published Mar 27, 2026
A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an... Moderate Unreviewed
CVE-2026-4968 was published Mar 27, 2026
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects... Moderate Unreviewed
CVE-2026-4964 was published Mar 27, 2026
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown... Moderate Unreviewed
CVE-2026-4966 was published Mar 27, 2026
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function... Moderate Unreviewed
CVE-2026-4965 was published Mar 27, 2026
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1... Moderate Unreviewed
CVE-2026-30568 was published Mar 27, 2026
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper... Moderate Unreviewed
CVE-2025-15615 was published Mar 27, 2026
A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the... Moderate Unreviewed
CVE-2026-4959 was published Mar 27, 2026
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory... Moderate Unreviewed
CVE-2026-32984 was published Mar 27, 2026
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory... Moderate Unreviewed
CVE-2023-7340 was published Mar 27, 2026
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper... Moderate Unreviewed
CVE-2026-32983 was published Mar 27, 2026
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects Moderate
CVE-2026-34043 was published for serialize-javascript (npm) Mar 27, 2026
TomerAberbach Credited to TomerAberbach
Fleet: Password reset tokens remain valid after password change for 24 hours Moderate
CVE-2026-26060 was published for github.com/fleetdm/fleet/v4 (Go) Mar 27, 2026
n8n has XSS in its Credential Management Flow Moderate
GHSA-364x-8g5j-x2pr was published for n8n (npm) Mar 27, 2026
yohannslm Credited to yohannslm
n8n has XSS in Chat Trigger Node through Custom CSS Moderate
GHSA-3c7f-5hgj-h279 was published for n8n (npm) Mar 27, 2026
JorianWoltjer Credited to JorianWoltjer
n8n: Authenticated XSS and Open Redirect via Form Node Moderate
GHSA-w673-8fjw-457c was published for n8n (npm) Mar 27, 2026
tCu0n9 Credited to tCu0n9
n8n has a Stored XSS Vulnerability in its Form Trigger Moderate
GHSA-q4fm-pjq6-m63g was published for n8n (npm) Mar 27, 2026
tr4ce-ju Credited to tr4ce-ju
Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php Moderate
CVE-2026-34036 was published for dolibarr/dolibarr (Composer) Mar 27, 2026
cnf409 Credited to cnf409
Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521 Moderate
CVE-2026-33994 was published for locutus (npm) Mar 27, 2026
gtsp233 Credited to gtsp233
Locutus has Prototype Pollution via __proto__ Key Injection in unserialize() Moderate
CVE-2026-33993 was published for locutus (npm) Mar 27, 2026
offset Credited to offset
Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass Moderate
CVE-2026-32695 was published for github.com/traefik/traefik/v2 (Go) Mar 27, 2026
b-hermes Credited to b-hermes
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database