GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,080
Maven
5,000+
npm
4,980
NuGet
825
pip
4,417
Pub
12
RubyGems
988
Rust
1,162
Swift
50
Unreviewed advisories
All unreviewed
5,000+
151,474 advisories
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of...
Moderate
Unreviewed
CVE-2026-3072
was published
Mar 5, 2026
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass...
Moderate
Unreviewed
CVE-2026-30777
was published
Mar 5, 2026
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP...
Moderate
Unreviewed
CVE-2026-27982
was published
Mar 5, 2026
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate
Unreviewed
CVE-2026-3034
was published
Mar 5, 2026
The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter...
Moderate
Unreviewed
CVE-2026-3523
was published
Mar 5, 2026
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in...
Moderate
Unreviewed
CVE-2026-2899
was published
Mar 5, 2026
Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion
Moderate
GHSA-v2x6-wwfw-r2rq
was published
for
github.com/agentgateway/agentgateway
(Go)
Mar 5, 2026
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure...
Moderate
Unreviewed
CVE-2026-22052
was published
Mar 5, 2026
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the...
Moderate
Unreviewed
CVE-2025-41257
was published
Mar 5, 2026
The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly...
Moderate
Unreviewed
CVE-2026-2297
was published
Mar 5, 2026
eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write
Moderate
CVE-2026-29780
was published
for
eml-parser
(pip)
Mar 5, 2026
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
Moderate
CVE-2026-29188
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Mar 4, 2026
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD...
Moderate
Unreviewed
CVE-2026-20020
was published
Mar 4, 2026
A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2026-20023
was published
Mar 4, 2026
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD...
Moderate
Unreviewed
CVE-2026-20025
was published
Mar 4, 2026
A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an...
Moderate
Unreviewed
CVE-2026-20064
was published
Mar 4, 2026
A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and...
Moderate
Unreviewed
CVE-2026-20016
was published
Mar 4, 2026
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD...
Moderate
Unreviewed
CVE-2026-20024
was published
Mar 4, 2026
A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA)...
Moderate
Unreviewed
CVE-2026-20021
was published
Mar 4, 2026
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD...
Moderate
Unreviewed
CVE-2026-20022
was published
Mar 4, 2026
changedetection.io has Reflected XSS in its RSS Tag Error Response
Moderate
CVE-2026-29038
was published
for
changedetection.io
(pip)
Mar 4, 2026
Kimai's API invoice endpoint missing customer-level access control (IDOR)
Moderate
CVE-2026-28685
was published
for
kimai/kimai
(Composer)
Mar 4, 2026
lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints
Moderate
CVE-2026-3351
was published
for
github.com/canonical/lxd
(Go)
Mar 4, 2026
neqo-qpack has Integer overflow in qpack dynamic table indexing
Moderate
GHSA-6w86-wgwq-rgq8
was published
for
neqo-qpack
(Rust)
Mar 4, 2026
Vaultwarden has Unauthorized Access via Partial Update API on Another User’s Cipher
Moderate
CVE-2026-27898
was published
for
vaultwarden
(Rust)
Mar 4, 2026
ProTip! Advisories are also available from the GraphQL API.