Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,081
Maven
5,000+
npm
4,981
NuGet
825
pip
4,418
Pub
12
RubyGems
988
Rust
1,162
Swift
50
Unreviewed advisories
All unreviewed
5,000+

151,491 advisories

Loading
Mercurius: Incorrect Content-Type parsing can lead to CSRF attack Moderate
CVE-2025-64166 was published for mercurius (npm) Mar 5, 2026
simone-sanfratello Credited to simone-sanfratello
Leantime has HTML injection through firstname and lastname fields Moderate
GHSA-qrfh-cc86-vc8c was published for leantime/leantime (Composer) Mar 5, 2026
PratikKaran23 Credited to PratikKaran23
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2026-28546 was published Mar 5, 2026
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful... Moderate Unreviewed
CVE-2026-28547 was published Mar 5, 2026
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key'... Moderate Unreviewed
CVE-2026-2893 was published Mar 5, 2026
Race condition vulnerability in the permission management service. Impact: Successful... Moderate Unreviewed
CVE-2026-28549 was published Mar 5, 2026
Race condition vulnerability in the device security management module. Impact: Successful... Moderate Unreviewed
CVE-2026-28551 was published Mar 5, 2026
Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of... Moderate Unreviewed
CVE-2026-28541 was published Mar 5, 2026
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful... Moderate Unreviewed
CVE-2026-28543 was published Mar 5, 2026
Data processing vulnerability in the certificate management module. Impact: Successful... Moderate Unreviewed
CVE-2026-28539 was published Mar 5, 2026
Double free vulnerability in the window module. Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2026-28537 was published Mar 5, 2026
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2026-28552 was published Mar 5, 2026
Race condition vulnerability in the printing module. Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2026-28544 was published Mar 5, 2026
Race condition vulnerability in the printing module. Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2026-28545 was published Mar 5, 2026
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2026-28540 was published Mar 5, 2026
Path traversal vulnerability in the certificate management module. Impact: Successful... Moderate Unreviewed
CVE-2026-28538 was published Mar 5, 2026
Race condition vulnerability in the security control module. Impact: Successful exploitation of... Moderate Unreviewed
CVE-2026-28550 was published Mar 5, 2026
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of... Moderate Unreviewed
CVE-2026-3072 was published Mar 5, 2026
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass... Moderate Unreviewed
CVE-2026-30777 was published Mar 5, 2026
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP... Moderate Unreviewed
CVE-2026-27982 was published Mar 5, 2026
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2026-3034 was published Mar 5, 2026
The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter... Moderate Unreviewed
CVE-2026-3523 was published Mar 5, 2026
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in... Moderate Unreviewed
CVE-2026-2899 was published Mar 5, 2026
Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion Moderate
GHSA-v2x6-wwfw-r2rq was published for github.com/agentgateway/agentgateway (Go) Mar 5, 2026
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure... Moderate Unreviewed
CVE-2026-22052 was published Mar 5, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database