GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,630
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,850
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
4,186 advisories
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the...
Low | Unreviewed | CVE-2026-7393 was published Apr 29, 2026
A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file ...
Moderate | Unreviewed | CVE-2025-9772 was published Apr 29, 2026
FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field
Moderate | CVE-2026-32699 was published for facturascripts/facturascripts (Composer) Apr 28, 2026
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically...
High | Unreviewed | CVE-2026-5780 was published Apr 28, 2026
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically...
Critical | Unreviewed | CVE-2026-5779 was published Apr 28, 2026
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the...
Moderate | Unreviewed | CVE-2026-7238 was published Apr 28, 2026
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from...
Moderate | Unreviewed | CVE-2026-40966 was published Apr 28, 2026
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an...
Moderate | Unreviewed | CVE-2026-7134 was published Apr 27, 2026
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts...
Moderate | Unreviewed | CVE-2026-7133 was published Apr 27, 2026
A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted...
Moderate | Unreviewed | CVE-2026-7107 was published Apr 27, 2026
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of...
Moderate | Unreviewed | CVE-2026-7043 was published Apr 27, 2026
A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file ...
Moderate | Unreviewed | CVE-2026-7044 was published Apr 27, 2026
OpenClaw: Paired-device pairing actions were not limited to the caller device
Low | GHSA-xrq9-jm7v-g9h7 was published for openclaw (npm) Apr 25, 2026
In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution...
Moderate | Unreviewed | CVE-2025-59308 was published Apr 24, 2026
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low...
Moderate | Unreviewed | CVE-2025-67259 was published Apr 24, 2026
Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources
High | GHSA-qc5p-3mg5-9fh8 was published for avo (RubyGems) Apr 24, 2026
In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the...
Moderate | Unreviewed | CVE-2026-29197 was published Apr 24, 2026
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24303 was published Apr 24, 2026
OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
High | CVE-2026-41900 was published for openlearnx (npm) Apr 23, 2026
Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
High | CVE-2026-33318 was published for @actual-app/sync-server (npm) Apr 23, 2026
@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call
High | CVE-2026-41641 was published for @nocobase/plugin-collection-sql (npm) Apr 22, 2026
Nuclei: Local File Read via require() Module Loader Bypass
Moderate | CVE-2026-41646 was published for github.com/projectdiscovery/nuclei/v3 (Go) Apr 22, 2026
OpenRemote has Improper Access Control via updateUserRealmRoles function
High | CVE-2026-41166 was published for io.openremote:openremote-manager (Maven) Apr 22, 2026
Spring Security Doesn't Correctly Include Servlet Path in Path Matching of XML Authorization Rules
High | CVE-2026-22754 was published for org.springframework.security:spring-security-config (Maven) Apr 22, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate | Unreviewed | CVE-2026-35247 was published Apr 21, 2026
ProTip! Advisories are also available from the GraphQL API