GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,580
Maven: 5,000+
npm: 5,000+
NuGet: 919
pip: 4,816
Pub: 13
RubyGems: 1,043
Rust: 1,251
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+

29,774 advisories
CVE-2026-40470 (Critical, unreviewed) published Apr 23, 2026: A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and...
CVE-2026-40471 (Critical, unreviewed) published Apr 23, 2026: hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts...
CVE-2026-41460 (Critical, unreviewed) published Apr 23, 2026: SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity...
CVE-2026-40472 (Critical, unreviewed) published Apr 23, 2026: In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href...
CVE-2026-23751 (Critical, unreviewed) published Apr 23, 2026: Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be...
CVE-2026-39440 (Critical, unreviewed) published Apr 23, 2026: Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC...
GHSA-2wvh-87g2-89hr (Critical) published Apr 23, 2026 for openc3 (RubyGems): OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool
GHSA-v529-vhwc-wfc5 (Critical) published Apr 23, 2026 for openc3 (RubyGems): OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
CVE-2026-6885 (Critical, unreviewed) published Apr 23, 2026: Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary...
CVE-2026-6886 (Critical, unreviewed) published Apr 23, 2026: Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication...
CVE-2026-6887 (Critical, unreviewed) published Apr 23, 2026: Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection...
CVE-2026-3844 (Critical, unreviewed) published Apr 23, 2026: The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
CVE-2026-29198 (Critical, unreviewed) published Apr 23, 2026: In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL...
GHSA-j5w5-568x-rq53 (Critical) published Apr 22, 2026 for @evomap/evolver (npm): Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
GHSA-2hp7-65r3-wv54 (Critical) published Apr 22, 2026 for github.com/orneryd/nornicdb (Go): NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access
CVE-2026-34415 (Critical, unreviewed) published Apr 22, 2026: Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation...
CVE-2026-41468 (Critical, unreviewed) published Apr 22, 2026: Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known...
CVE-2026-3461 (Critical, unreviewed) published Apr 22, 2026: The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all...
CVE-2026-1555 (Critical, unreviewed) published Apr 22, 2026: The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type...
CVE-2026-33471 (Critical) published Apr 22, 2026 for nimiq-block (Rust): nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
CVE-2018-25270 (Critical, unreviewed) published Apr 22, 2026: ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated...
CVE-2018-25272 (Critical, unreviewed) published Apr 22, 2026: ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain...
CVE-2026-41203 (Critical) published Apr 22, 2026 for ci4-cms-erp/ci4ms (Composer): CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
CVE-2026-41202 (Critical) published Apr 22, 2026 for ci4-cms-erp/ci4ms (Composer): CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE
CVE-2026-6356 (Critical, unreviewed) published Apr 22, 2026: A vulnerability in the web application allows standard users to escalate their privileges to...
Advisories are also available from the GraphQL API.