GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,436
Maven: 5,000+
npm: 5,000+
NuGet: 883
pip: 4,694
Pub: 13
RubyGems: 1,029
Rust: 1,212
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
122,497 advisories
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in...
High | Unreviewed | CVE-2026-4326 was published Apr 9, 2026

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of...
High | Unreviewed | CVE-2026-5830 was published Apr 9, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9,...
High | Unreviewed | CVE-2026-5173 was published Apr 9, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9,...
High | Unreviewed | CVE-2026-1092 was published Apr 9, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18...
High | Unreviewed | CVE-2025-12664 was published Apr 9, 2026

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function...
High | Unreviewed | CVE-2026-5815 was published Apr 9, 2026

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK...
High | Unreviewed | CVE-2026-40029 was published Apr 9, 2026

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and...
High | Unreviewed | CVE-2026-40031 was published Apr 9, 2026

OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in...
High | Unreviewed | CVE-2026-40037 was published Apr 9, 2026

UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability...
High | Unreviewed | CVE-2026-40032 was published Apr 9, 2026

ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal...
High | Unreviewed | CVE-2026-40027 was published Apr 9, 2026

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path...
High | Unreviewed | CVE-2026-40030 was published Apr 9, 2026

Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed...
High | Unreviewed | CVE-2026-40036 was published Apr 9, 2026

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows...
High | Unreviewed | CVE-2026-40024 was published Apr 9, 2026

Pretext: Algorithmic Complexity (DoS) in the text analysis phase
High | GHSA-5478-66c3-rhxr was published for @chenglou/pretext (npm) Apr 8, 2026

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up...
High | Unreviewed | CVE-2026-5436 was published Apr 8, 2026

An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an...
High | Unreviewed | CVE-2026-30818 was published Apr 8, 2026

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an...
High | Unreviewed | CVE-2026-30815 was published Apr 8, 2026

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an...
High | Unreviewed | CVE-2026-30814 was published Apr 8, 2026

basic-ftp has FTP Command Injection via CRLF
High | GHSA-chqc-8p9q-pq6q was published for basic-ftp (npm) Apr 8, 2026

AGiXT Vulnerable to Path Traversal in safe_join()
High | GHSA-5gfj-64gh-mgmw was published for agixt (pip) Apr 8, 2026

Laravel Passport: TokenGuard Authenticates Unrelated User for Client Credentials Tokens
High | GHSA-349c-2h2f-mxf6 was published for laravel/passport (Composer) Apr 8, 2026

n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode
High | GHSA-4ggg-h7ph-26qr was published for n8n-mcp (npm) Apr 8, 2026

mercure has Topic Selector Cache Key Collision
High | GHSA-hwr4-mq23-wcv5 was published for github.com/dunglas/mercure (Go) Apr 8, 2026

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service
High | GHSA-xrw6-gwf8-vvr9 was published for Tmds.DBus (NuGet) Apr 8, 2026
ProTip! Advisories are also available from the GraphQL API.