Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

2,099 advisories

Loading
ps_checkout allows unauthorized method invocation through unvalidated parameter Low
GHSA-mqq7-wxx5-mp8h was published for prestashop/ps_checkout (Composer) Apr 30, 2026
ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction Low
GHSA-28xx-pppm-vqff was published for github.com/ydb-platform/ydb-go-sdk/v3 (Go) Apr 30, 2026
kprokopenko Credited to kprokopenko and asmyasnikov asmyasnikov asmyasnikov
Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send Low
CVE-2026-41663 was published for admidio/admidio (Composer) Apr 29, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment Low
CVE-2026-41659 was published for admidio/admidio (Composer) Apr 29, 2026
offset Credited to offset
OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks Low
GHSA-j4c5-89f5-f3pm was published for openclaw (npm) Apr 25, 2026
nicky-cc Credited to nicky-cc
OpenClaw: Paired-device pairing actions were not limited to the caller device Low
GHSA-xrq9-jm7v-g9h7 was published for openclaw (npm) Apr 25, 2026
Hinotoi-agent Credited to Hinotoi-agent
OpenClaw: QQBot direct media upload skipped URL SSRF validation Low
GHSA-c4qg-j8jg-42q5 was published for openclaw (npm) Apr 25, 2026
foodlook Credited to foodlook
OpenClaw: Isolated cron awareness events were recorded as trusted system events Low
GHSA-57r2-h2wj-g887 was published for openclaw (npm) Apr 25, 2026
zsxsoft Credited to zsxsoft, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization Low
GHSA-v8qf-fr4g-28p2 was published for openclaw (npm) Apr 25, 2026
Kherrisan Credited to Kherrisan
Kimai has Missing Object-Level Authorization in the Team API Low
CVE-2026-41498 was published for kimai/kimai (Composer) Apr 24, 2026
AzureADTrent Credited to AzureADTrent
melange has Path Traversal via .PKGINFO in --persist-lint-results Low
CVE-2026-29051 was published for chainguard.dev/melange (Go) Apr 23, 2026
1seal Credited to 1seal and antitree antitree antitree
Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4) Low
CVE-2026-41321 was published for @astrojs/cloudflare (npm) Apr 23, 2026
kodareef5 Credited to kodareef5
verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval() Low
CVE-2026-6878 was published for verl (pip) Apr 23, 2026
copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action Low
CVE-2026-6874 was published for copilot-api (npm) Apr 23, 2026
rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length Low
CVE-2026-41677 was published for openssl (Rust) Apr 22, 2026
pgx: SQL Injection via placeholder confusion with dollar quoted string literals Low
CVE-2026-41889 was published for github.com/jackc/pgx (Go) Apr 22, 2026
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch Low
CVE-2026-34067 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
uutils coreutils has an Incorrect Provision of Specified Functionality Issue Low
CVE-2026-35379 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Short Circuit Evaluation Issue Low
CVE-2026-35378 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
CVE-2026-35375 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Input Validation Issue in its env Utility Low
CVE-2026-35377 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
CVE-2026-35373 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils's User Interface (UI) Misrepresents Critical Information Low
CVE-2026-35371 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility Low
CVE-2026-35381 was published for coreutils (Rust) Apr 22, 2026
coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines Low
CVE-2026-35346 was published for coreutils (Rust) Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database