Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,103
Maven
5,000+
npm
4,996
NuGet
826
pip
4,426
Pub
12
RubyGems
988
Rust
1,170
Swift
50
Unreviewed advisories
All unreviewed
5,000+

120,082 advisories

Loading
Flowise Missing Authentication on NVIDIA NIM Endpoints High
CVE-2026-30824 was published for flowise (npm) Mar 6, 2026
tenbbughunters Credited to tenbbughunters
Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration High
CVE-2026-30823 was published for flowise (npm) Mar 6, 2026
berkdedekarginoglu Credited to berkdedekarginoglu
Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint High
CVE-2026-30822 was published for flowise (npm) Mar 6, 2026
yueyueL Credited to yueyueL
Zarf's symlink targets in archives are not validated against destination directory High
CVE-2026-29064 was published for github.com/zarf-dev/zarf/src/pkg/archive (Go) Mar 6, 2026
joonas Credited to joonas
CoreDNS Loop Detection Denial of Service Vulnerability High
CVE-2026-26018 was published for github.com/coredns/coredns (Go) Mar 6, 2026
YOUNEVSKY Credited to YOUNEVSKY
Flowise has Arbitrary File Upload via MIME Spoofing High
CVE-2026-30821 was published for flowise (npm) Mar 6, 2026
im-soohyun Credited to im-soohyun
Flowise has Authorization Bypass via Spoofed x-request-from Header High
CVE-2026-30820 was published for flowise (npm) Mar 6, 2026
N3mes1s Credited to N3mes1s
parse-server's endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user High
CVE-2026-30229 was published for parse-server (npm) Mar 6, 2026
devanshbatham Credited to devanshbatham and mtrezza mtrezza mtrezza
PinchTab has SSRF with Full Response Exfiltration via Download Handler High
CVE-2026-30834 was published for github.com/pinchtab/pinchtab/cmd/pinchtab (Go) Mar 6, 2026
aleister1102 Credited to aleister1102
express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network High
CVE-2026-30827 was published for express-rate-limit (npm) Mar 6, 2026
TinkAnet Credited to TinkAnet
The WebSocket Application Programming Interface lacks restrictions on the number of... High Unreviewed
CVE-2026-20882 was published Mar 6, 2026
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges... High Unreviewed
CVE-2025-15602 was published Mar 6, 2026
The WebSocket Application Programming Interface lacks restrictions on the number of... High Unreviewed
CVE-2026-24696 was published Mar 6, 2026
CoreDNS ACL Bypass High
CVE-2026-26017 was published for github.com/coredns/coredns (Go) Mar 6, 2026
YOUNEVSKY Credited to YOUNEVSKY
GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution High
CVE-2026-29783 was published for @github/copilot (npm) Mar 6, 2026
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication... High Unreviewed
CVE-2026-2754 was published Mar 6, 2026
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP... High Unreviewed
CVE-2026-2753 was published Mar 6, 2026
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to... High Unreviewed
CVE-2018-25199 was published Mar 6, 2026
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access... High Unreviewed
CVE-2018-25187 was published Mar 6, 2026
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2018-25181 was published Mar 6, 2026
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2018-25179 was published Mar 6, 2026
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2018-25170 was published Mar 6, 2026
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated... High Unreviewed
CVE-2018-25175 was published Mar 6, 2026
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2018-25173 was published Mar 6, 2026
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to... High Unreviewed
CVE-2018-25196 was published Mar 6, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database