GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,580
Maven: 5,000+
npm: 5,000+
NuGet: 919
pip: 4,816
Pub: 13
RubyGems: 1,043
Rust: 1,251
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
1,748 advisories
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be...
Critical (Unreviewed): CVE-2026-23751 was published Apr 23, 2026
Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the...
High (Unreviewed): CVE-2018-25259 was published Apr 22, 2026
Inadequate access control in the registration process in Fullstep V5, which could allow...
High (Unreviewed): CVE-2026-5749 was published Apr 22, 2026
engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
High: GHSA-2r2p-4cgf-hv7h was published for engramx (npm) Apr 22, 2026
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Critical: CVE-2026-41179 was published for github.com/rclone/rclone (Go) Apr 22, 2026
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Critical: CVE-2026-41176 was published for github.com/rclone/rclone (Go) Apr 22, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Moderate (Unreviewed): CVE-2026-34288 was published Apr 21, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Moderate (Unreviewed): CVE-2026-34289 was published Apr 21, 2026
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft ...
Moderate (Unreviewed): CVE-2026-34280 was published Apr 21, 2026
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager...
Critical (Unreviewed): CVE-2026-34279 was published Apr 21, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical (Unreviewed): CVE-2026-34285 was published Apr 21, 2026
Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite ...
Critical (Unreviewed): CVE-2026-34275 was published Apr 21, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical (Unreviewed): CVE-2026-34286 was published Apr 21, 2026
Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft ...
Moderate (Unreviewed): CVE-2026-34266 was published Apr 21, 2026
NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints...
High (Unreviewed): CVE-2026-24177 was published Apr 21, 2026
Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
High: CVE-2026-34839 was published for Glances (pip) Apr 21, 2026
This vulnerability exists in Quantum Networks router due to improper access control and insecure...
High (Unreviewed): CVE-2026-41039 was published Apr 21, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0...
High (Unreviewed): CVE-2026-26944 was published Apr 20, 2026
An improper access control vulnerability in the canonical-livepatch snap client prior to version...
Moderate (Unreviewed): CVE-2026-6369 was published Apr 20, 2026
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for...
Moderate (Unreviewed): CVE-2026-32962 was published Apr 20, 2026
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for...
Moderate (Unreviewed): CVE-2026-32957 was published Apr 20, 2026
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug ...
High (Unreviewed): CVE-2026-40461 was published Apr 17, 2026
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted ...
Critical (Unreviewed): CVE-2026-35546 was published Apr 17, 2026
OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials
Moderate: GHSA-92jp-89mq-4374 was published for openclaw (npm) Apr 17, 2026
Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode
High: GHSA-xfqj-r5qw-8g4j was published for @paperclipai/server (npm) Apr 16, 2026
ProTip! Advisories are also available from the GraphQL API.