GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 48
Go: 3,343
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,550
Pub: 12
RubyGems: 1,013
Rust: 1,203
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
153,750 advisories
Incus vulnerable to local privilege escalation through VM screenshot path
Moderate | CVE-2026-33711 was published for github.com/lxc/incus/v6 (Go) | Mar 27, 2026
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Moderate | CVE-2026-33936 was published for ecdsa (pip) | Mar 27, 2026
TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
Moderate | CVE-2026-33541 was published for miraheze/ts-portal (Composer) | Mar 27, 2026
Open WebUI has unauthorized deletion of knowledge files
Moderate | CVE-2026-29070 was published for open-webui (pip) | Mar 27, 2026
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an...
Moderate | Unreviewed | CVE-2026-4955 was published | Mar 27, 2026
A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function...
Moderate | Unreviewed | CVE-2026-4957 was published | Mar 27, 2026
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function...
Moderate | Unreviewed | CVE-2026-4954 was published | Mar 27, 2026
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before...
Moderate | Unreviewed | CVE-2026-4980 was published | Mar 27, 2026
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected...
Moderate | Unreviewed | CVE-2026-4956 was published | Mar 27, 2026
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or...
Moderate | Unreviewed | CVE-2026-5022 was published | Mar 27, 2026
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function...
Moderate | Unreviewed | CVE-2026-4953 was published | Mar 27, 2026
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read...
Moderate | Unreviewed | CVE-2026-5025 was published | Mar 27, 2026
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This...
Moderate | Unreviewed | CVE-2026-5010 was published | Mar 27, 2026
A resample query can be used to trigger out-of-memory crashes in Grafana.
Moderate | Unreviewed | CVE-2026-27879 was published | Mar 27, 2026
When using public dashboards and direct data-sources, all direct data-sources' passwords are...
Moderate | Unreviewed | CVE-2026-27877 was published | Mar 27, 2026
A testdata data-source can be used to trigger out-of-memory crashes in Grafana.
Moderate | Unreviewed | CVE-2026-28375 was published | Mar 27, 2026
ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting...
Moderate | Unreviewed | CVE-2026-32859 was published | Mar 27, 2026
BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated...
Moderate | Unreviewed | CVE-2025-69988 was published | Mar 27, 2026
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Moderate | CVE-2026-28786 was published for open-webui (pip) | Mar 27, 2026
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over...
Moderate | Unreviewed | CVE-2026-4619 was published | Mar 27, 2026
Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get...
Moderate | Unreviewed | CVE-2026-4309 was published | Mar 27, 2026
Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows...
Moderate | Unreviewed | CVE-2023-7339 was published | Mar 27, 2026
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to...
Moderate | Unreviewed | CVE-2026-4621 was published | Mar 27, 2026
Bludit allows user's session identifier to be set before authentication. The value of this...
Moderate | Unreviewed | CVE-2026-25101 was published | Mar 27, 2026
Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An...
Moderate | Unreviewed | CVE-2026-25100 was published | Mar 27, 2026
ProTip! Advisories are also available from the GraphQL API.