GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 42
Go: 3,124
Maven: 5,000+
npm: 5,000+
NuGet: 826
pip: 4,434
Pub: 12
RubyGems: 988
Rust: 1,172
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
13,427 advisories

A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the...
Low | Unreviewed | CVE-2026-3404 was published | Mar 2, 2026

Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers
Low | CVE-2026-29781 was published for github.com/bishopfox/sliver (Go) | Mar 5, 2026

Shescape has possible misidentification of shell due to link chains
Low | CVE-2026-30916 was published for shescape (npm) | Mar 7, 2026

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
Low | CVE-2026-29184 was published for @backstage/plugin-scaffolder-backend (npm) | Mar 5, 2026

Backstage vulnerable to potential reading of SCM URLs using built in token
Low | CVE-2026-29185 was published for @backstage/integration (npm) | Mar 5, 2026

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir...
Low | Unreviewed | CVE-2026-27139 was published | Mar 7, 2026

defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag
Low | CVE-2026-30830 was published for defuddle (npm) | Mar 6, 2026

Mercurius's queryDepth limit bypassed for WebSocket subscriptions
Low | CVE-2026-30241 was published for mercurius (npm) | Mar 6, 2026

A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is...
Low | Unreviewed | CVE-2026-3671 was published | Mar 8, 2026

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is...
Low | Unreviewed | CVE-2026-2671 was published | Mar 7, 2026

A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function...
Low | Unreviewed | CVE-2026-3668 was published | Mar 7, 2026

Soroban: Muxed address<->ScVal conversions may break after a conversion failure
Low | GHSA-pm4j-7r4q-ccg8 was published for soroban-env-host (Rust) | Mar 7, 2026

xcode-mcp-server vulnerable to Command Injection
Low | CVE-2026-2178 was published for xcode-mcp-server (npm) | Feb 8, 2026

dbt-common's commonprefix() doesn't protect against path traversal
Low | CVE-2026-29790 was published for dbt-common (pip) | Mar 5, 2026

fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
Low | CVE-2026-27942 was published for fast-xml-parser (npm) | Feb 26, 2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low | Unreviewed | CVE-2025-61645 was published | Feb 3, 2026

Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
Low | CVE-2026-2733 was published for org.keycloak:keycloak-services (Maven) | Feb 19, 2026

Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
Low | CVE-2026-1190 was published for org.keycloak:keycloak-services (Maven) | Jan 26, 2026

org.eclipse.jetty:jetty-http has different parsing of invalid URIs
Low | CVE-2025-11143 was published for org.eclipse.jetty:jetty-http (Maven) | Mar 5, 2026

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This...
Low | Unreviewed | CVE-2025-66606 was published | Feb 9, 2026

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since...
Low | Unreviewed | CVE-2025-66605 was published | Feb 9, 2026

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The...
Low | Unreviewed | CVE-2025-66604 was published | Feb 9, 2026

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The...
Low | Unreviewed | CVE-2025-66603 was published | Feb 9, 2026

Dark Reader gives users the ability to request style sheets from local web servers
Low | CVE-2025-68467 was published for darkreader (npm) | Mar 4, 2026

In affected versions of Octopus Server it was possible to create a new API key from an existing...
Low | Unreviewed | CVE-2026-3236 was published | Mar 5, 2026

ProTip! Advisories are also available from the GraphQL API