Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,717
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,943
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
Weblate Doesn't Invalidate API Token on Password Change Moderate
CVE-2026-41519 was published for weblate (pip) Apr 30, 2026
whatisproblem Credited to whatisproblem and nijel nijel nijel
wger: CSV/TSV formula injection in gym member export (first_name/last_name) High
GHSA-xq9m-hmp9-fw87 was published for wger (pip) May 6, 2026
whatisproblem Credited to whatisproblem
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass Critical
CVE-2026-43948 was published for wger (pip) May 6, 2026
whatisproblem Credited to whatisproblem
wger: trainer_login open redirect - ?next= parameter not validated against host Moderate
GHSA-vqv8-j3mj-wjxj was published for wger (pip) May 6, 2026
whatisproblem Credited to whatisproblem
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database