GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 50
GitHub Actions: 50
Go: 3,690
Maven: 5,000+
npm: 5,000+
NuGet: 934
pip: 4,928
Pub: 13
RubyGems: 1,053
Rust: 1,322
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
78 advisories
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user...
High | Unreviewed | CVE-2026-42997 was published May 5, 2026
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the...
Moderate | Unreviewed | CVE-2026-40552 was published Apr 28, 2026
KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to...
Moderate | Unreviewed | CVE-2026-41525 was published Apr 28, 2026
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert...
High | Unreviewed | CVE-2026-31431 was published Apr 22, 2026
In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions...
Moderate | Unreviewed | CVE-2026-41030 was published Apr 16, 2026
In udev in systemd before 260, local root execution can occur via malicious hardware devices and...
Moderate | Unreviewed | CVE-2026-40225 was published Apr 10, 2026
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary...
Low | Unreviewed | CVE-2026-40228 was published Apr 10, 2026
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
Moderate | CVE-2026-35540 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message
Moderate | CVE-2026-35543 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
Roundcube: Bypass of remote image blocking via crafted BODY background attribute
Moderate | CVE-2026-35542 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
Moderate | CVE-2026-35544 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message
Moderate | CVE-2026-35545 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
A low-privileged remote attacker may be able to replace the boot application of the CODESYS...
High | Unreviewed | CVE-2025-41660 was published Mar 24, 2026
In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
Moderate | Unreviewed | CVE-2026-33265 was published Mar 18, 2026
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from...
Low | Unreviewed | CVE-2026-32772 was published Mar 16, 2026
OpenStack Nova calls qemu-img without format restrictions for resize
High | CVE-2026-24708 was published for Nova (pip) Feb 18, 2026
Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
High | GHSA-r2c6-8jc8-g32w was published for clawdbot (npm) Feb 2, 2026 • withdrawn
Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
Critical | CVE-2025-67895 was published for apache-airflow-providers-edge3 (pip) Dec 17, 2025
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.
High | Unreviewed | CVE-2025-62775 was published Oct 22, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote...
Moderate | Unreviewed | CVE-2025-62646 was published Oct 17, 2025
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users...
Moderate | Unreviewed | CVE-2025-62292 was published Oct 10, 2025
The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to...
Low | Unreviewed | CVE-2025-56675 was published Sep 30, 2025
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside...
Low | Unreviewed | CVE-2025-59691 was published Sep 19, 2025
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the...
Low | Unreviewed | CVE-2025-59692 was published Sep 19, 2025
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for...
Low | Unreviewed | CVE-2025-59453 was published Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API.