GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 42
Go: 3,114
Maven: 5,000+
npm: 5,000+
NuGet: 826
pip: 4,428
Pub: 12
RubyGems: 988
Rust: 1,171
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
120,104 advisories
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function...
High | Unreviewed | CVE-2026-3698 was published Mar 8, 2026
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the...
High | Unreviewed | CVE-2026-3699 was published Mar 8, 2026
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function...
High | Unreviewed | CVE-2026-3700 was published Mar 8, 2026
A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the...
High | Unreviewed | CVE-2026-3678 was published Mar 8, 2026
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the...
High | Unreviewed | CVE-2026-3679 was published Mar 8, 2026
A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the...
High | Unreviewed | CVE-2026-3677 was published Mar 8, 2026
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient...
High | Unreviewed | CVE-2025-14675 was published Mar 7, 2026
The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar...
High | Unreviewed | CVE-2026-1074 was published Mar 7, 2026
The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-8899 was published Mar 7, 2026
The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up...
High | Unreviewed | CVE-2026-2020 was published Mar 7, 2026
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up...
High | Unreviewed | CVE-2026-3352 was published Mar 7, 2026
The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all...
High | Unreviewed | CVE-2025-14353 was published Mar 7, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing...
High | Unreviewed | CVE-2026-25071 was published Mar 7, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable...
High | Unreviewed | CVE-2026-25072 was published Mar 7, 2026
Black's vulnerable version parsing leads to RCE in GitHub Action
High | GHSA-v53h-f6m7-xcgm was published for psf/black (GitHub Actions) | Mar 7, 2026
FUXA has a hardcoded fallback JWT signing secret
High | GHSA-c8m8-3jcr-6rj5 was published for @frangoteam/fuxa (npm) | Mar 7, 2026
mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
High | GHSA-g9rg-8vq5-mpwm was published for mcp-memory-service (pip) | Mar 7, 2026
WeKnora has Broken Access Control - Cross-Tenant Data Exposure
High | CVE-2026-30859 was published for github.com/Tencent/WeKnora (Go) | Mar 6, 2026
WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
High | CVE-2026-30858 was published for github.com/Tencent/WeKnora (Go) | Mar 6, 2026
Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
High | CVE-2026-30851 was published for github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy (Go) | Mar 6, 2026
Flowise Missing Authentication on NVIDIA NIM Endpoints
High | CVE-2026-30824 was published for flowise (npm) | Mar 6, 2026
Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
High | CVE-2026-30823 was published for flowise (npm) | Mar 6, 2026
Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint
High | CVE-2026-30822 was published for flowise (npm) | Mar 6, 2026
Zarf's symlink targets in archives are not validated against destination directory
High | CVE-2026-29064 was published for github.com/zarf-dev/zarf/src/pkg/archive (Go) | Mar 6, 2026
ProTip! Advisories are also available from the GraphQL API.