GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 42
Go: 3,138
Maven: 5,000+
npm: 5,000+
NuGet: 831
pip: 4,438
Pub: 12
RubyGems: 990
Rust: 1,174
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+

13,440 advisories
Filter by severity

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
Low | Unreviewed | CVE-2026-21295 was published Mar 11, 2026

Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within...
Low | Unreviewed | CVE-2025-20073 was published Mar 11, 2026

In VPU, there is a possible use-after-free read due to a race condition. This could lead to local...
Low | Unreviewed | CVE-2026-0121 was published Mar 10, 2026

CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization
Low | CVE-2026-31859 was published for craftcms/cms (Composer) Mar 11, 2026

Craft Commerce is Vulnerable to Stored XSS while updating Order Status from Orders Table
Low | CVE-2026-29173 was published for craftcms/commerce (Composer) Mar 10, 2026

Craft CMS has a potential information disclosure vulnerability in preview tokens
Low | CVE-2026-29113 was published for craftcms/cms (Composer) Mar 10, 2026

Craft Commerce has stored XSS in Craft Commerce Order Details Slideout
Low | CVE-2026-29177 was published for craftcms/commerce (Composer) Mar 10, 2026

Apache Tomcat - Security constraint bypass with HTTP/0.9
Low | CVE-2026-24733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 17, 2026

Shescape has possible misidentification of shell due to link chains
Low | CVE-2026-30916 was published for shescape (npm) Mar 7, 2026

Specially crafted ZIP archives can escape the intended extraction directory during Node.js...
Low | Unreviewed | CVE-2026-2741 was published Mar 10, 2026

A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0...
Low | Unreviewed | CVE-2026-24641 was published Mar 10, 2026

An improper restriction of excessive authentication attempts vulnerability in Fortinet...
Low | Unreviewed | CVE-2026-22629 was published Mar 10, 2026

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4...
Low | Unreviewed | CVE-2025-27769 was published Mar 10, 2026

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated...
Low | Unreviewed | CVE-2026-24310 was published Mar 10, 2026

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames...
Low | Unreviewed | CVE-2026-21791 was published Mar 10, 2026

A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the...
Low | Unreviewed | CVE-2026-3404 was published Mar 2, 2026

Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers
Low | CVE-2026-29781 was published for github.com/bishopfox/sliver (Go) Mar 5, 2026

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
Low | CVE-2026-29184 was published for @backstage/plugin-scaffolder-backend (npm) Mar 5, 2026

Backstage vulnerable to potential reading of SCM URLs using built in token
Low | CVE-2026-29185 was published for @backstage/integration (npm) Mar 5, 2026

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir...
Low | Unreviewed | CVE-2026-27139 was published Mar 7, 2026

defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag
Low | CVE-2026-30830 was published for defuddle (npm) Mar 6, 2026

Mercurius's queryDepth limit bypassed for WebSocket subscriptions
Low | CVE-2026-30241 was published for mercurius (npm) Mar 6, 2026

A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is...
Low | Unreviewed | CVE-2026-3671 was published Mar 8, 2026

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is...
Low | Unreviewed | CVE-2026-2671 was published Mar 7, 2026

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function...
Low | Unreviewed | CVE-2026-3668 was published Mar 7, 2026

ProTip! Advisories are also available from the GraphQL API