GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
13,537 advisories
In VPU, there is a possible use-after-free read due to a race condition. This could lead to local...
Low, Unreviewed. CVE-2026-0121 was published Mar 10, 2026

Vaadin: Specially crafted ZIP archives can escape the intended extraction directory
Low. CVE-2026-2741 was published for com.vaadin:flow-project (Maven) Mar 10, 2026

A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0...
Low, Unreviewed. CVE-2026-24641 was published Mar 10, 2026

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames...
Low, Unreviewed. CVE-2026-21791 was published Mar 10, 2026

An improper restriction of excessive authentication attempts vulnerability in Fortinet...
Low, Unreviewed. CVE-2026-22629 was published Mar 10, 2026

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4...
Low, Unreviewed. CVE-2025-27769 was published Mar 10, 2026

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated...
Low, Unreviewed. CVE-2026-24310 was published Mar 10, 2026

Craft Commerce has stored XSS in Craft Commerce Order Details Slideout
Low. CVE-2026-29177 was published for craftcms/commerce (Composer) Mar 10, 2026

Craft Commerce is Vulnerable to Stored XSS while updating Order Status from Orders Table
Low. CVE-2026-29173 was published for craftcms/commerce (Composer) Mar 10, 2026

Craft CMS has a potential information disclosure vulnerability in preview tokens
Low. CVE-2026-29113 was published for craftcms/cms (Composer) Mar 10, 2026

A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is...
Low, Unreviewed. CVE-2026-3671 was published Mar 8, 2026

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is...
Low, Unreviewed. CVE-2026-2671 was published Mar 7, 2026

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function...
Low, Unreviewed. CVE-2026-3668 was published Mar 7, 2026

Soroban: Muxed address<->ScVal conversions may break after a conversion failure
Low. GHSA-pm4j-7r4q-ccg8 was published for soroban-env-host (Rust) Mar 7, 2026

Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains
Low. CVE-2026-30916 was published for shescape (npm) Mar 7, 2026 • withdrawn

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir...
Low, Unreviewed. CVE-2026-27139 was published Mar 7, 2026

Mercurius's queryDepth limit bypassed for WebSocket subscriptions
Low. CVE-2026-30241 was published for mercurius (npm) Mar 6, 2026

defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag
Low. CVE-2026-30830 was published for defuddle (npm) Mar 6, 2026

org.eclipse.jetty:jetty-http has different parsing of invalid URIs
Low. CVE-2025-11143 was published for org.eclipse.jetty:jetty-http (Maven) Mar 5, 2026

In affected versions of Octopus Server it was possible to create a new API key from an existing...
Low, Unreviewed. CVE-2026-3236 was published Mar 5, 2026

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is...
Low, Unreviewed. CVE-2026-21786 was published Mar 5, 2026

Permission control vulnerability in the resource scheduling module. Impact: Successful...
Low, Unreviewed. CVE-2025-66319 was published Mar 5, 2026

dbt-common's commonprefix() doesn't protect against path traversal
Low. CVE-2026-29790 was published for dbt-common (pip) Mar 5, 2026

Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers
Low. CVE-2026-29781 was published for github.com/bishopfox/sliver (Go) Mar 5, 2026

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
Low. CVE-2026-29184 was published for @backstage/plugin-scaffolder-backend (npm) Mar 5, 2026

ProTip! Advisories are also available from the GraphQL API