GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 41; GitHub Actions 41; Go 3,098; Maven 5,000+; npm 4,984; NuGet 826; pip 4,425; Pub 12; RubyGems 988; Rust 1,170; Swift 50
Unreviewed advisories: All unreviewed 5,000+
119,972 advisories

A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the...
High | Unreviewed | CVE-2026-3613 was published Mar 6, 2026

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function...
High | Unreviewed | CVE-2026-3612 was published Mar 6, 2026

Sensitive information disclosure and manipulation due to improper authentication. The following...
High | Unreviewed | CVE-2026-28710 was published Mar 6, 2026

The WebSocket Application Programming Interface lacks restrictions on the number of...
High | Unreviewed | CVE-2026-27778 was published Mar 6, 2026

Local privilege escalation due to insecure Unix socket permissions. The following products are...
High | Unreviewed | CVE-2026-28727 was published Mar 6, 2026

Local privilege escalation due to improper soft link handling. The following products are...
High | Unreviewed | CVE-2026-28722 was published Mar 6, 2026

Default credentials set for local privileged user in Virtual Appliance. The following products...
High | Unreviewed | CVE-2026-28713 was published Mar 6, 2026

Local privilege escalation due to improper soft link handling. The following products are...
High | Unreviewed | CVE-2026-28721 was published Mar 6, 2026

Payment Orchestrator Service Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2026-26125 was published Mar 6, 2026

Local privilege escalation due to DLL hijacking vulnerability. The following products are...
High | Unreviewed | CVE-2025-11792 was published Mar 6, 2026

SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
High | GHSA-5r2p-pjr8-7fh7 was published for sagemaker (pip) Mar 5, 2026

WeKnora is Vulnerable to SSRF via Redirection
High | CVE-2026-30247 was published for github.com/Tencent/WeKnora (Go) Mar 5, 2026

Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure
High | CVE-2026-30244 was published for plane (pip) Mar 5, 2026

Plane has SSRF via Incomplete IP Validation in Webhook URL Serializer
High | CVE-2026-30242 was published for plane (pip) Mar 5, 2026

A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows...
High | Unreviewed | CVE-2026-3009 was published Mar 5, 2026

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2026-3459 was published Mar 5, 2026

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language ...
High | Unreviewed | CVE-2026-3047 was published Mar 5, 2026

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit...
High | Unreviewed | CVE-2025-13350 was published Mar 5, 2026

The Eclipse Jetty Server Artifact has a Gzip request memory leak
High | CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) Mar 5, 2026

Pingora vulnerable to cache poisoning via insecure-by-default cache key
High | CVE-2026-2836 was published for pingora-cache (Rust) Mar 5, 2026

OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
High | CVE-2026-30223 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026

Gogs: DOM-based XSS via milestone selection
High | CVE-2026-26276 was published for gogs.io/gogs (Go) Mar 5, 2026

Gogs: Release tag option injection in release deletion
High | CVE-2026-26194 was published for gogs.io/gogs (Go) Mar 5, 2026

Gogs: Stored XSS via data URI in issue comments
High | CVE-2026-26022 was published for gogs.io/gogs (Go) Mar 5, 2026

Gokapi has Stored XSS in SVG Hotlinks
High | CVE-2026-28683 was published for github.com/forceu/gokapi (Go) Mar 5, 2026

ProTip! Advisories are also available from the GraphQL API