GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
319,852 advisories
Quill has DoS via unbounded read of HTTP response body during notarization
  Moderate | CVE-2026-31960 was published for github.com/anchore/quill (Go) | Mar 11, 2026
Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing
  Moderate | CVE-2026-31961 was published for github.com/anchore/quill (Go) | Mar 11, 2026
Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval
  Moderate | CVE-2026-31959 was published for github.com/anchore/quill (Go) | Mar 11, 2026
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection
  Critical | CVE-2026-31975 was published for @siteboon/claude-code-ui (npm) | Mar 11, 2026
Parse Server vulnerable to user enumeration via email verification endpoint
  Moderate | CVE-2026-31901 was published for parse-server (npm) | Mar 11, 2026
Parse Server's MFA recovery codes not consumed after use
  High | CVE-2026-31875 was published for parse-server (npm) | Mar 11, 2026
Parse Server has a protected fields bypass via dot-notation in query and sort
  High | CVE-2026-31872 was published for parse-server (npm) | Mar 11, 2026
Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
  Critical | CVE-2026-31871 was published for parse-server (npm) | Mar 11, 2026
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
  Moderate | CVE-2026-31868 was published for parse-server (npm) | Mar 11, 2026
flagd Vulnerable to Allocation of Resources Without Limits or Throttling
  High | CVE-2026-31866 was published for github.com/open-feature/flagd/flagd (Go) | Mar 11, 2026
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go
  Critical | GHSA-j443-wcqq-xprh was published for github.com/arslanbekov/terraform-provider-sendgrid (Go) | Mar 11, 2026
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the ...
  High | Unreviewed | CVE-2025-14905 was published | Feb 23, 2026
In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an...
  Unknown | Unreviewed | CVE-2026-0113 was published | Mar 10, 2026
In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could...
  Unknown | Unreviewed | CVE-2026-0118 was published | Mar 10, 2026
In modem, there is a possible out of bounds write due to an incorrect bounds check. This could...
  Unknown | Unreviewed | CVE-2026-0120 was published | Mar 10, 2026
In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of bounds write due to...
  Unknown | Unreviewed | CVE-2026-0119 was published | Mar 10, 2026
In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect...
  Unknown | Unreviewed | CVE-2026-0117 was published | Mar 10, 2026
In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This...
  Unknown | Unreviewed | CVE-2026-0112 was published | Mar 10, 2026
The register protection of the PowerVR GPU is incorrectly configured. This could lead to local...
  Unknown | Unreviewed | CVE-2026-0108 was published | Mar 10, 2026
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due...
  Unknown | Unreviewed | CVE-2026-0107 was published | Mar 10, 2026
In Trusted Execution Environment, there is a possible key leak due to side channel information...
  Unknown | Unreviewed | CVE-2026-0115 was published | Mar 10, 2026
Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })
  Moderate | GHSA-v8w9-8mx6-g223 was published for hono (npm) | Mar 11, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability...
  Moderate | Unreviewed | CVE-2026-27268 was published | Mar 11, 2026
The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is...
  Moderate | Unreviewed | CVE-2026-2569 was published | Mar 11, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow...
  High | Unreviewed | CVE-2026-27267 was published | Mar 11, 2026
ProTip! Advisories are also available from the GraphQL API.