GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
29,774 advisories

RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Critical | CVE-2026-41179 was published for github.com/rclone/rclone (Go) | Apr 22, 2026

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Critical | CVE-2026-41176 was published for github.com/rclone/rclone (Go) | Apr 22, 2026

openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access
Critical | CVE-2026-41070 was published for github.com/jkroepke/openvpn-auth-oauth2 (Go) | Apr 22, 2026

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the ...
Critical | Unreviewed | CVE-2026-6235 was published | Apr 22, 2026

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions...
Critical | Unreviewed | CVE-2026-4119 was published | Apr 22, 2026

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical | Unreviewed | CVE-2026-34287 was published | Apr 21, 2026

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on...
Critical | Unreviewed | CVE-2026-33519 was published | Apr 21, 2026

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows...
Critical | Unreviewed | CVE-2026-33518 was published | Apr 21, 2026

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager...
Critical | Unreviewed | CVE-2026-34279 was published | Apr 21, 2026

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical | Unreviewed | CVE-2026-34285 was published | Apr 21, 2026

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite ...
Critical | Unreviewed | CVE-2026-34275 was published | Apr 21, 2026

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical | Unreviewed | CVE-2026-34286 was published | Apr 21, 2026

Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
Critical | CVE-2026-41264 was published for flowise (npm) | Apr 21, 2026

Brillig: Heap corruption in foreign call results with nested tuple arrays
Critical | CVE-2026-41197 was published for brillig (Rust) | Apr 21, 2026

An insecure direct object reference vulnerability in the Users API component of Crafty Controller...
Critical | Unreviewed | CVE-2026-5652 was published | Apr 21, 2026

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the...
Critical | Unreviewed | CVE-2026-38835 was published | Apr 21, 2026

CrowdStrike has released security updates to address a critical unauthenticated path traversal...
Critical | Unreviewed | CVE-2026-40050 was published | Apr 21, 2026

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an...
Critical | Unreviewed | CVE-2025-41029 was published | Apr 21, 2026

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net:...
Critical | Unreviewed | CVE-2025-15638 was published | Apr 21, 2026

This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0...
Critical | Unreviewed | CVE-2026-21571 was published | Apr 21, 2026

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon...
Critical | Unreviewed | CVE-2019-25714 was published | Apr 21, 2026

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored...
Critical | Unreviewed | CVE-2017-20230 was published | Apr 21, 2026

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.
Critical | Unreviewed | CVE-2026-6768 was published | Apr 21, 2026

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and...
Critical | Unreviewed | CVE-2026-6771 was published | Apr 21, 2026

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.
Critical | Unreviewed | CVE-2026-6760 was published | Apr 21, 2026

ProTip! Advisories are also available from the GraphQL API.