Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,585
Maven
5,000+
npm
5,000+
NuGet
923
pip
4,817
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

12,047 advisories

Loading
The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions... Moderate Unreviewed
CVE-2026-1782 was published Apr 22, 2026
nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
1seal Credited to 1seal and ii-cruz ii-cruz ii-cruz
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command... Low Unreviewed
CVE-2026-35377 was published Apr 22, 2026
A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret... Moderate Unreviewed
CVE-2026-35380 was published Apr 22, 2026
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs... Moderate Unreviewed
CVE-2026-35347 was published Apr 22, 2026
An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1... Moderate Unreviewed
CVE-2026-35369 was published Apr 22, 2026
Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5... Moderate Unreviewed
CVE-2026-31192 was published Apr 22, 2026
Vulnerability in Spring Spring Security. When an application configures JWT decoding with... Moderate Unreviewed
CVE-2026-22748 was published Apr 22, 2026
Neko has a Self-service Privilege Escalation for Authenticated Users High
CVE-2026-39386 was published for github.com/m1k1o/neko/server (Go) Apr 21, 2026
blitzkrieg-patch Credited to blitzkrieg-patch
Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150. Moderate Unreviewed
CVE-2026-6777 was published Apr 21, 2026
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150. Moderate Unreviewed
CVE-2026-6779 was published Apr 21, 2026
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths Critical
CVE-2026-32604 was published for io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo (Maven) Apr 21, 2026
LeftenantZero Credited to LeftenantZero and jasonmcintosh jasonmcintosh jasonmcintosh
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset... High Unreviewed
CVE-2025-13826 was published Apr 21, 2026
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2026-6675 was published Apr 21, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0... High Unreviewed
CVE-2026-24504 was published Apr 20, 2026
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation... High Unreviewed
CVE-2026-24505 was published Apr 20, 2026
Cockpit has NoSQL Injection Through Content Aggregation Pipelines Low
CVE-2026-6626 was published for cockpit-hq/cockpit (Composer) Apr 20, 2026
Improper input validation, Improper verification of cryptographic signature vulnerability in... High Unreviewed
CVE-2026-6328 was published Apr 17, 2026
Flowise: Parameter Override Bypass Remote Command Execution High
GHSA-cvrr-qhgw-2mm6 was published for flowise (npm) Apr 16, 2026
retpoline Credited to retpoline
Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association High
GHSA-48m6-ch88-55mj was published for flowise (npm) Apr 16, 2026
berkdedekarginoglu Credited to berkdedekarginoglu
Withdrawn Advisory: Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion High
GHSA-qjfj-3mm5-vrjg was published for google/protobuf (Composer) Apr 16, 2026 withdrawn
Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is... Moderate Unreviewed
CVE-2026-22615 was published Apr 16, 2026
Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation... Moderate Unreviewed
CVE-2026-27299 was published Apr 15, 2026
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation... High Unreviewed
CVE-2026-27306 was published Apr 15, 2026
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation... Critical Unreviewed
CVE-2026-27304 was published Apr 15, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database