GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,580
Maven: 5,000+
npm: 5,000+
NuGet: 919
pip: 4,816
Pub: 13
RubyGems: 1,043
Rust: 1,251
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
156,043 advisories
Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to...
Moderate, Unreviewed. CVE-2026-6921 was published Apr 23, 2026

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Moderate, Unreviewed. CVE-2026-31179 was published Apr 23, 2026

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Moderate, Unreviewed. CVE-2026-31159 was published Apr 23, 2026

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to...
Moderate, Unreviewed. CVE-2026-31176 was published Apr 23, 2026

OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device...
Moderate, Unreviewed. CVE-2026-41909 was published Apr 23, 2026

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic...
Moderate, Unreviewed. CVE-2026-5039 was published Apr 23, 2026

SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability...
Moderate, Unreviewed. CVE-2026-41461 was published Apr 23, 2026

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly...
Moderate, Unreviewed. CVE-2025-66286 was published Apr 23, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager admin-menu-manager...
Moderate, Unreviewed. CVE-2025-26925 was published Apr 23, 2026

Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed
Moderate. CVE-2026-41322 was published for @astrojs/node (npm) Apr 23, 2026

n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests
Moderate. CVE-2026-41495 was published for n8n-mcp (npm) Apr 23, 2026

goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
Moderate. GHSA-rhf7-wvw3-vjvm was published for github.com/patrickhener/goshs (Go) Apr 23, 2026

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint ...
Moderate, Unreviewed. CVE-2026-3960 was published Apr 23, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed. CVE-2026-28040 was published Apr 23, 2026

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting...
Moderate, Unreviewed. CVE-2025-62104 was published Apr 23, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed. CVE-2025-62110 was published Apr 23, 2026

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX...
Moderate, Unreviewed. CVE-2026-4106 was published Apr 23, 2026

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak...
Moderate, Unreviewed. CVE-2025-10549 was published Apr 23, 2026

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via...
Moderate, Unreviewed. CVE-2026-41989 was published Apr 23, 2026

Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an...
Moderate, Unreviewed. CVE-2026-3007 was published Apr 23, 2026

The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate, Unreviewed. CVE-2026-3361 was published Apr 23, 2026

Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds...
Moderate, Unreviewed. CVE-2026-41990 was published Apr 23, 2026

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored...
Moderate, Unreviewed. CVE-2026-40529 was published Apr 23, 2026

The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is...
Moderate, Unreviewed. CVE-2026-2951 was published Apr 23, 2026

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate, Unreviewed. CVE-2026-1923 was published Apr 23, 2026
ProTip! Advisories are also available from the GraphQL API.