GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,766 advisories
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical...
Low
Unreviewed
CVE-2025-13030
was published
Apr 30, 2026
A vulnerability in the access control mechanism of SonicOS may allow certain management interface...
High
Unreviewed
CVE-2026-0204
was published
Apr 29, 2026
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20,...
Critical
Unreviewed
CVE-2026-41940
was published
Apr 29, 2026
Delta Electronics DIAView has an authentication bypass vulnerability.
Moderate
Unreviewed
CVE-2025-58318
was published
Apr 29, 2026
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with...
Critical
Unreviewed
CVE-2026-3893
was published
Apr 28, 2026
An improper access control vulnerability exists in the Cisco Intersight Device Connector for...
Moderate
Unreviewed
CVE-2026-5944
was published
Apr 28, 2026
An unsecured configuration interface on affected devices allows unauthenticated remote attackers...
High
Unreviewed
CVE-2026-3323
was published
Apr 28, 2026
Penetration Testing engineers at Amazon have identified a security flaw related to request...
High
Unreviewed
CVE-2024-54013
was published
Apr 28, 2026
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI...
High
Unreviewed
CVE-2026-41473
was published
Apr 24, 2026
Traefik: Pre-authentication decision bypass due to forwarded alias spoofing
High
CVE-2026-39858
was published
for
github.com/traefik/traefik
(Go)
Apr 24, 2026
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection...
Moderate
Unreviewed
CVE-2026-42095
was published
Apr 24, 2026
A client holding only a read JWT scope can still register itself as a signal provider through the...
High
Unreviewed
CVE-2026-6272
was published
Apr 24, 2026
A vulnerability exists in SenseLive X3050's web management interface that allows critical...
Critical
Unreviewed
CVE-2026-27843
was published
Apr 24, 2026
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and...
Critical
Unreviewed
CVE-2026-25775
was published
Apr 24, 2026
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of...
High
Unreviewed
CVE-2026-35064
was published
Apr 24, 2026
A vulnerability in SenseLive X3050’s embedded management service allows full administrative...
Critical
Unreviewed
CVE-2026-40620
was published
Apr 24, 2026
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to...
High
Unreviewed
CVE-2026-6376
was published
Apr 23, 2026
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be...
Critical
Unreviewed
CVE-2026-23751
was published
Apr 23, 2026
Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the...
High
Unreviewed
CVE-2018-25259
was published
Apr 22, 2026
Inadequate access control in the registration process in Fullstep V5, which could allow...
High
Unreviewed
CVE-2026-5749
was published
Apr 22, 2026
engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
High
GHSA-2r2p-4cgf-hv7h
was published
for
engramx
(npm)
Apr 22, 2026
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
Critical
CVE-2026-41179
was published
for
github.com/rclone/rclone
(Go)
Apr 22, 2026
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Critical
CVE-2026-41176
was published
for
github.com/rclone/rclone
(Go)
Apr 22, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Moderate
Unreviewed
CVE-2026-34289
was published
Apr 21, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Moderate
Unreviewed
CVE-2026-34288
was published
Apr 21, 2026