GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,436
Maven: 5,000+
npm: 5,000+
NuGet: 883
pip: 4,694
Pub: 13
RubyGems: 1,029
Rust: 1,212
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
29,520 advisories
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1... [Critical, Unreviewed] CVE-2026-3199, published Apr 9, 2026
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that... [Critical, Unreviewed] CVE-2026-40035, published Apr 9, 2026
PraisonAI Vulnerable to OS Command Injection [Critical] GHSA-2763-cj5r-c79m, published for PraisonAI (pip), Apr 8, 2026
Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass [Critical] GHSA-2679-6mx9-h9xc, published for marimo (pip), Apr 8, 2026
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to... [Critical, Unreviewed] CVE-2026-2942, published Apr 8, 2026
PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode) [Critical] CVE-2026-39888, published for praisonaiagents (pip), Apr 8, 2026
PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading [Critical] CVE-2026-39890, published for praisonai (pip), Apr 8, 2026
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64... [Critical, Unreviewed] CVE-2025-14815, published Apr 8, 2026
Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64... [Critical, Unreviewed] CVE-2025-14816, published Apr 8, 2026
SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions [Critical] CVE-2026-39846, published for github.com/siyuan-note/siyuan/kernel (Go), Apr 8, 2026
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow... [Critical, Unreviewed] CVE-2026-25776, published Apr 8, 2026
The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due... [Critical, Unreviewed] CVE-2026-3535, published Apr 8, 2026
The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary... [Critical, Unreviewed] CVE-2026-4003, published Apr 8, 2026
The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up... [Critical, Unreviewed] CVE-2026-3296, published Apr 8, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container... [Critical, Unreviewed] CVE-2026-1346, published Apr 8, 2026
Improper neutralization of input during web page generation ('cross-site scripting')... [Critical, Unreviewed] CVE-2026-39933, published Apr 8, 2026
Emmett has a path traversal in internal assets handler [Critical] CVE-2026-39847, published for emmett (pip), Apr 8, 2026
@delmaredigital/payload-puck is missing authorization on /api/puck/* CRUD endpoints, allowing unauthenticated access to Puck-registered collections [Critical] CVE-2026-39397, published for @delmaredigital/payload-puck (npm), Apr 8, 2026
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization [Critical] CVE-2026-39324, published for rack-session (RubyGems), Apr 8, 2026
Emissary has GitHub Actions Shell Injection via Workflow Inputs [Critical] CVE-2026-35580, published for gov.nsa.emissary:emissary (Maven), Apr 8, 2026
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web... [Critical, Unreviewed] CVE-2026-4631, published Apr 7, 2026
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the... [Critical, Unreviewed] CVE-2026-23696, published Apr 7, 2026
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM [Critical] CVE-2026-33439, published for org.openidentityplatform.openam:openam (Maven), Apr 7, 2026
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw... [Critical, Unreviewed] CVE-2026-20889, published Apr 7, 2026
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of... [Critical, Unreviewed] CVE-2026-20911, published Apr 7, 2026
Advisories are also available from the GraphQL API.