GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 41
Go: 3,081
Maven: 5,000+
npm: 4,981
NuGet: 825
pip: 4,418
Pub: 12
RubyGems: 988
Rust: 1,162
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
151,491 advisories
Mercurius: Incorrect Content-Type parsing can lead to CSRF attack
Moderate | CVE-2025-64166 was published for mercurius (npm) | Mar 5, 2026

Leantime has HTML injection through firstname and lastname fields
Moderate | GHSA-qrfh-cc86-vc8c was published for leantime/leantime (Composer) | Mar 5, 2026

Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2026-28546 was published | Mar 5, 2026

Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful...
Moderate | Unreviewed | CVE-2026-28547 was published | Mar 5, 2026

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key'...
Moderate | Unreviewed | CVE-2026-2893 was published | Mar 5, 2026

Race condition vulnerability in the permission management service. Impact: Successful...
Moderate | Unreviewed | CVE-2026-28549 was published | Mar 5, 2026

Race condition vulnerability in the device security management module. Impact: Successful...
Moderate | Unreviewed | CVE-2026-28551 was published | Mar 5, 2026

Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of...
Moderate | Unreviewed | CVE-2026-28541 was published | Mar 5, 2026

Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful...
Moderate | Unreviewed | CVE-2026-28543 was published | Mar 5, 2026

Data processing vulnerability in the certificate management module. Impact: Successful...
Moderate | Unreviewed | CVE-2026-28539 was published | Mar 5, 2026

Double free vulnerability in the window module. Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2026-28537 was published | Mar 5, 2026

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2026-28552 was published | Mar 5, 2026

Race condition vulnerability in the printing module. Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2026-28544 was published | Mar 5, 2026

Race condition vulnerability in the printing module. Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2026-28545 was published | Mar 5, 2026

Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2026-28540 was published | Mar 5, 2026

Path traversal vulnerability in the certificate management module. Impact: Successful...
Moderate | Unreviewed | CVE-2026-28538 was published | Mar 5, 2026

Race condition vulnerability in the security control module. Impact: Successful exploitation of...
Moderate | Unreviewed | CVE-2026-28550 was published | Mar 5, 2026

The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of...
Moderate | Unreviewed | CVE-2026-3072 was published | Mar 5, 2026

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass...
Moderate | Unreviewed | CVE-2026-30777 was published | Mar 5, 2026

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP...
Moderate | Unreviewed | CVE-2026-27982 was published | Mar 5, 2026

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2026-3034 was published | Mar 5, 2026

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter...
Moderate | Unreviewed | CVE-2026-3523 was published | Mar 5, 2026

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in...
Moderate | Unreviewed | CVE-2026-2899 was published | Mar 5, 2026

Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion
Moderate | GHSA-v2x6-wwfw-r2rq was published for github.com/agentgateway/agentgateway (Go) | Mar 5, 2026

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure...
Moderate | Unreviewed | CVE-2026-22052 was published | Mar 5, 2026