GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,580
Maven
5,000+
npm
5,000+
NuGet
919
pip
4,816
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+
13,885 advisories
Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a...
Low
Unreviewed
CVE-2026-6312
was published
Apr 15, 2026
Cross-Tenant Legacy Correlation Disclosure and Deletion
Low
Unreviewed
CVE-2026-21727
was published
Apr 15, 2026
In Grafana's alerting system, users with edit permissions for a contact point, specifically the...
Low
Unreviewed
CVE-2025-12141
was published
Apr 15, 2026
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of...
Low
Unreviewed
CVE-2025-52641
was published
Apr 15, 2026
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource...
Low
Unreviewed
CVE-2026-27308
was published
Apr 15, 2026
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource...
Low
Unreviewed
CVE-2026-27307
was published
Apr 15, 2026
Defense in Depth update for NuGet Client
Low
GHSA-g4vj-cjjj-v7hg
was published
for
NuGet.CommandLine
(NuGet)
Apr 14, 2026
pyLoad's Session Not Invalidated After Permission Changes
Low
GHSA-fj52-5g4h-gmq8
was published
for
pyload-ng
(pip)
Apr 14, 2026
OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses
Low
GHSA-hw5x-4r37-72w7
was published
for
github.com/opentofu/opentofu
(Go)
Apr 14, 2026
DotNetNuke.Core security code analysis rules triggered
Low
GHSA-fcpv-w245-r2q7
was published
for
DotNetNuke.Core
(NuGet)
Apr 14, 2026
ImageMagick has a memory leak in PNG encoder when writing a MNG image
Low
GHSA-x928-4434-crqj
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Apr 14, 2026
ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts
Low
GHSA-pmpg-6pww-fg6q
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Apr 14, 2026
ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value
Low
GHSA-8vfj-q2cp-5m5j
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Apr 14, 2026
ImageMagick has an off-by-one origin validation that allows out-of-bounds read in morphology processing
Low
GHSA-q8h3-jv9v-57qx
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Apr 14, 2026
ImageMagick has a heap-buffer-overflow in FTXT encoder
Low
GHSA-w54j-7wpm-crhj
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Apr 14, 2026
Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability
Low
CVE-2026-32178
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Apr 14, 2026
Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Low
CVE-2026-40319
was published
for
giskard-checks
(pip)
Apr 14, 2026
Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint
Low
GHSA-7qx6-f23w-3w7f
was published
for
github.com/patrickhener/goshs
(Go)
Apr 14, 2026
OAuth2 Proxy's session cookies are not cleared when rendering sign-in page
Low
CVE-2026-34454
was published
for
github.com/oauth2-proxy/oauth2-proxy/v7
(Go)
Apr 14, 2026
Multiple security fixes in justhtml
Low
GHSA-4p64-v8f5-r2gx
was published
for
justhtml
(pip)
Apr 14, 2026
A URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in...
Low
Unreviewed
CVE-2026-21741
was published
Apr 14, 2026
An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5...
Low
Unreviewed
CVE-2026-27316
was published
Apr 14, 2026
CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause ...
Low
Unreviewed
CVE-2026-2401
was published
Apr 14, 2026
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL...
Low
Unreviewed
CVE-2026-37597
was published
Apr 14, 2026
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the...
Low
Unreviewed
CVE-2026-37600
was published
Apr 14, 2026
ProTip! Advisories are also available from the GraphQL API.