Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

29,811 advisories

Loading
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2026-3844 was published Apr 23, 2026
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL... Critical Unreviewed
CVE-2026-29198 was published Apr 23, 2026
Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution Critical
GHSA-j5w5-568x-rq53 was published for @evomap/evolver (npm) Apr 22, 2026
xeloxa Credited to xeloxa
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access Critical
GHSA-2hp7-65r3-wv54 was published for github.com/orneryd/nornicdb (Go) Apr 22, 2026
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known... Critical Unreviewed
CVE-2026-41468 was published Apr 22, 2026
Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation... Critical Unreviewed
CVE-2026-34415 was published Apr 22, 2026
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2026-3461 was published Apr 22, 2026
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type... Critical Unreviewed
CVE-2026-1555 was published Apr 22, 2026
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation Critical
CVE-2026-33471 was published for nimiq-block (Rust) Apr 22, 2026
1seal Credited to 1seal
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated... Critical Unreviewed
CVE-2018-25270 was published Apr 22, 2026
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain... Critical Unreviewed
CVE-2018-25272 was published Apr 22, 2026
CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE Critical
CVE-2026-41203 was published for ci4-cms-erp/ci4ms (Composer) Apr 22, 2026
fg0x0 Credited to fg0x0
CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE Critical
CVE-2026-41202 was published for ci4-cms-erp/ci4ms (Composer) Apr 22, 2026
fg0x0 Credited to fg0x0
A vulnerability in the web application allows standard users to escalate their privileges to... Critical Unreviewed
CVE-2026-6356 was published Apr 22, 2026
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution Critical
CVE-2026-41179 was published for github.com/rclone/rclone (Go) Apr 22, 2026
0wnerDied Credited to 0wnerDied and ncw ncw ncw
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution Critical
CVE-2026-41176 was published for github.com/rclone/rclone (Go) Apr 22, 2026
0wnerDied Credited to 0wnerDied and ncw ncw ncw
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access Critical
CVE-2026-41070 was published for github.com/jkroepke/openvpn-auth-oauth2 (Go) Apr 22, 2026
kkalev Credited to kkalev
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the ... Critical Unreviewed
CVE-2026-6235 was published Apr 22, 2026
The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions... Critical Unreviewed
CVE-2026-4119 was published Apr 22, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ... Critical Unreviewed
CVE-2026-34287 was published Apr 21, 2026
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on... Critical Unreviewed
CVE-2026-33519 was published Apr 21, 2026
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows... Critical Unreviewed
CVE-2026-33518 was published Apr 21, 2026
Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite ... Critical Unreviewed
CVE-2026-34275 was published Apr 21, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ... Critical Unreviewed
CVE-2026-34285 was published Apr 21, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ... Critical Unreviewed
CVE-2026-34286 was published Apr 21, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database