Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,436
Maven
5,000+
npm
5,000+
NuGet
883
pip
4,694
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

13,697 advisories

Loading
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18... Low Unreviewed
CVE-2026-4916 was published Apr 9, 2026
LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter Low
CVE-2026-34166 was published for liquidjs (npm) Apr 8, 2026
offset Credited to offset
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission... Low Unreviewed
CVE-2026-28264 was published Apr 8, 2026
justhtml: Mutation XSS with custom foreign-namespace sanitization policies Low
GHSA-r758-8hxw-4845 was published for justhtml (pip) Apr 8, 2026
EmilStenstrom Credited to EmilStenstrom
Apache Cassandra has an authenticated DoS over CQL Low
CVE-2026-32588 was published for org.apache.cassandra:cassandra-all (Maven) Apr 7, 2026
OpenClaw: Zalo replay dedupe cache could suppress events across authenticated webhook targets Low
GHSA-fqrj-m88p-qf3v was published for openclaw (npm) Apr 7, 2026
nexrin Credited to nexrin
OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send Low
GHSA-767m-xrhc-fxm7 was published for openclaw (npm) Apr 7, 2026
zpbrent Credited to zpbrent
Electron: Crash in clipboard.readImage() on malformed clipboard image data Low
CVE-2026-34781 was published for electron (npm) Apr 7, 2026
frostb1ten Credited to frostb1ten
Django vulnerable to privilege abuse in GenericInlineModelAdmin Low
CVE-2026-4277 was published for Django (pip) Apr 7, 2026
An issue that could expose records outside of the authorized organization scope through the MCP... Low Unreviewed
CVE-2026-5382 was published Apr 7, 2026
An issue that could allow a user with access to a credential to view sensitive fields through an... Low Unreviewed
CVE-2026-5375 was published Apr 7, 2026
An issue that could expose task information outside of the authorized organization scope has been... Low Unreviewed
CVE-2026-5381 was published Apr 7, 2026
An issue that allowed MCP agents to access certificate information from outside of their... Low Unreviewed
CVE-2026-5379 was published Apr 7, 2026
Django vulnerable to privilege abuse in ModelAdmin.list_editable Low
CVE-2026-4292 was published for Django (pip) Apr 7, 2026
PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state Low
GHSA-f9jp-856v-8642 was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
kostamax27 Credited to kostamax27 and dktapps dktapps dktapps
OpenEXR Makes Use of Uninitialized Memory Low
CVE-2025-64181 was published for OpenEXR (pip) Apr 6, 2026
Kaldreic Credited to Kaldreic
Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim Low
CVE-2026-37977 was published for org.keycloak:keycloak-services (Maven) Apr 6, 2026
Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions,... Low Unreviewed
CVE-2026-35679 was published Apr 6, 2026
@nor2/heim-mcp vulnerable to command injection Low
CVE-2026-5602 was published for @nor2/heim-mcp (npm) Apr 6, 2026
@elgentos/magento2-dev-mcp vulnerable to command injection Low
CVE-2026-5603 was published for @elgentos/magento2-dev-mcp (npm) Apr 6, 2026
PyBlade: SSTI/RCE via Bypassed AST Validation in sandbox.py Low
CVE-2026-5559 was published for pyblade (pip) Apr 5, 2026
AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php Low
CVE-2026-35448 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Parse Server: File upload Content-Type override via extension mismatch Low
CVE-2026-35200 was published for parse-server (npm) Apr 4, 2026
offset Credited to offset and mtrezza mtrezza mtrezza
Electron: Use-after-free in offscreen shared texture release() callback Low
CVE-2026-34764 was published for electron (npm) Apr 3, 2026
daffainfo Credited to daffainfo
A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility,... Low Unreviewed
CVE-2026-3184 was published Apr 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database