GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,630
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,850
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
4,189 advisories
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute...
High
Unreviewed
CVE-2026-37526
was published
May 1, 2026
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the...
Low
Unreviewed
CVE-2026-7578
was published
May 1, 2026
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i...
Moderate
Unreviewed
CVE-2026-2311
was published
May 1, 2026
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the...
Low
Unreviewed
CVE-2026-7393
was published
Apr 29, 2026
A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file ...
Moderate
Unreviewed
CVE-2025-9772
was published
Apr 29, 2026
FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field
Moderate
CVE-2026-32699
was published
for
facturascripts/facturascripts
(Composer)
Apr 28, 2026
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically...
High
Unreviewed
CVE-2026-5780
was published
Apr 28, 2026
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically...
Critical
Unreviewed
CVE-2026-5779
was published
Apr 28, 2026
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the...
Moderate
Unreviewed
CVE-2026-7238
was published
Apr 28, 2026
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from...
Moderate
Unreviewed
CVE-2026-40966
was published
Apr 28, 2026
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an...
Moderate
Unreviewed
CVE-2026-7134
was published
Apr 27, 2026
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts...
Moderate
Unreviewed
CVE-2026-7133
was published
Apr 27, 2026
A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted...
Moderate
Unreviewed
CVE-2026-7107
was published
Apr 27, 2026
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of...
Moderate
Unreviewed
CVE-2026-7043
was published
Apr 27, 2026
A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file ...
Moderate
Unreviewed
CVE-2026-7044
was published
Apr 27, 2026
OpenClaw: Paired-device pairing actions were not limited to the caller device
Low
GHSA-xrq9-jm7v-g9h7
was published
for
openclaw
(npm)
Apr 25, 2026
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low...
Moderate
Unreviewed
CVE-2025-67259
was published
Apr 24, 2026
In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution...
Moderate
Unreviewed
CVE-2025-59308
was published
Apr 24, 2026
Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources
High
GHSA-qc5p-3mg5-9fh8
was published
for
avo
(RubyGems)
Apr 24, 2026
In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the...
Moderate
Unreviewed
CVE-2026-29197
was published
Apr 24, 2026
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate...
Critical
Unreviewed
CVE-2026-24303
was published
Apr 24, 2026
OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
High
CVE-2026-41900
was published
for
openlearnx
(npm)
Apr 23, 2026
Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
High
CVE-2026-33318
was published
for
@actual-app/sync-server
(npm)
Apr 23, 2026
@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call
High
CVE-2026-41641
was published
for
@nocobase/plugin-collection-sql
(npm)
Apr 22, 2026
Nuclei: Local File Read via require() Module Loader Bypass
Moderate
CVE-2026-41646
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API