GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 47
Go: 3,323
Maven: 5,000+
npm: 5,000+
NuGet: 880
pip: 4,533
Pub: 12
RubyGems: 1,010
Rust: 1,201
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
3,982 advisories
Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Moderate | CVE-2026-33726 was published for github.com/cilium/cilium (Go) | Mar 26, 2026
A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected...
Moderate | Unreviewed | CVE-2026-4875 was published Mar 26, 2026
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow...
High | Unreviewed | CVE-2025-55261 was published Mar 26, 2026
A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of...
Moderate | Unreviewed | CVE-2026-4830 was published Mar 26, 2026
@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool
High | GHSA-647h-p824-99w7 was published for @grackle-ai/mcp (npm) | Mar 25, 2026
The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An...
Moderate | Unreviewed | CVE-2026-28895 was published Mar 25, 2026
A privacy issue was addressed with improved private data redaction for log entries. This issue is...
Moderate | Unreviewed | CVE-2026-28862 was published Mar 25, 2026
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app...
High | Unreviewed | CVE-2026-28837 was published Mar 25, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.3...
High | Unreviewed | CVE-2026-28855 was published Mar 25, 2026
The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS...
Moderate | Unreviewed | CVE-2026-28856 was published Mar 25, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7...
Moderate | Unreviewed | CVE-2026-28880 was published Mar 25, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation....
High | Unreviewed | CVE-2026-28876 was published Mar 25, 2026
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2026-28828 was published Mar 25, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia...
Moderate | Unreviewed | CVE-2026-28818 was published Mar 25, 2026
An authorization issue was addressed with improved state management. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2026-28824 was published Mar 25, 2026
A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe...
Moderate | Unreviewed | CVE-2026-28823 was published Mar 25, 2026
A validation issue existed in the entitlement verification. This issue was addressed with...
Moderate | Unreviewed | CVE-2026-28821 was published Mar 25, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2026-20697 was published Mar 25, 2026
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7...
Moderate | Unreviewed | CVE-2025-43534 was published Mar 25, 2026
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in...
High | Unreviewed | CVE-2026-20622 was published Mar 25, 2026
A parsing issue in the handling of directory paths was addressed with improved path validation....
Moderate | Unreviewed | CVE-2026-20632 was published Mar 25, 2026
A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
Moderate | CVE-2026-33622 was published for github.com/pinchtab/pinchtab/cmd/pinchtab (Go) | Mar 24, 2026
An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio...
Critical | Unreviewed | CVE-2026-0898 was published Mar 23, 2026
Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature
High | CVE-2026-32299 was published for opensource-workshop/connect-cms (Composer) | Mar 23, 2026
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of...
Moderate | Unreviewed | CVE-2026-4586 was published Mar 23, 2026
ProTip! Advisories are also available from the GraphQL API