GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,630
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,850
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
12,069 advisories
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load...
Low | Unreviewed | CVE-2026-7597 was published May 2, 2026

An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11...
High | Unreviewed | CVE-2025-52347 was published May 1, 2026

ps_checkout allows unauthorized method invocation through unvalidated parameter
Low | GHSA-mqq7-wxx5-mp8h was published for prestashop/ps_checkout (Composer) Apr 30, 2026

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege...
High | Unreviewed | CVE-2026-5174 was published Apr 30, 2026

Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
Moderate | CVE-2026-41654 was published for weblate (pip) Apr 30, 2026

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code...
High | Unreviewed | CVE-2025-14576 was published Apr 30, 2026

Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest
High | CVE-2026-41670 was published for admidio/admidio (Composer) Apr 29, 2026

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If...
Moderate | Unreviewed | CVE-2026-1858 was published Apr 29, 2026

n8n has SQL Injection in Oracle Database Node via Limit Field
Moderate | CVE-2026-42233 was published for n8n (npm) Apr 29, 2026

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0...
High | Unreviewed | CVE-2026-30769 was published Apr 29, 2026

Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727...
Low | Unreviewed | CVE-2026-7360 was published Apr 29, 2026

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability...
Low | Unreviewed | CVE-2026-7317 was published Apr 29, 2026

Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138...
High | Unreviewed | CVE-2026-7345 was published Apr 29, 2026

NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input...
Moderate | Unreviewed | CVE-2026-24204 was published Apr 28, 2026

Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to...
Moderate | Unreviewed | CVE-2024-54011 was published Apr 28, 2026

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when...
High | Unreviewed | CVE-2026-5941 was published Apr 27, 2026

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Critical | GHSA-wpqr-6v78-jr5g was published for @google/gemini-cli (GitHub Actions) Apr 24, 2026

k8sGPT has Prompt Injection through its k8sGPT-Operator
High | GHSA-rp7v-4384-hfrp was published for github.com/k8sgpt-ai/k8sgpt (Go) Apr 24, 2026

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
High | CVE-2026-40068 was published for @anthropic-ai/claude-code (npm) Apr 24, 2026

Improper Input Validation, Improper Control of Generation of Code ('Code Injection')...
High | Unreviewed | CVE-2026-41044 was published Apr 24, 2026

Improper Input Validation, Improper Control of Generation of Code ('Code Injection')...
High | Unreviewed | CVE-2026-40466 was published Apr 24, 2026

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions...
Moderate | Unreviewed | CVE-2026-1782 was published Apr 22, 2026

nimiq-blockchain: Peer-triggerable panic during history sync
Moderate | CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026

nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
Critical | CVE-2026-33471 was published for nimiq-block (Rust) Apr 22, 2026

uutils coreutils has an Improper Input Validation Issue in its env Utility
Low | CVE-2026-35377 was published for coreutils (Rust) Apr 22, 2026

ProTip! Advisories are also available from the GraphQL API.