GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,627
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,848
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53
Unreviewed advisories:
All unreviewed: 5,000+
156,743 advisories
CVE-2026-42191 (Moderate), published Apr 30, 2026 for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet): OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter
CVE-2026-36763 (Moderate, Unreviewed), published Apr 30, 2026: A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint...
CVE-2026-3833 (Moderate, Unreviewed), published Apr 30, 2026: A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive...
CVE-2026-36756 (Moderate, Unreviewed), published Apr 30, 2026: A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14...
CVE-2026-36758 (Moderate, Unreviewed), published Apr 30, 2026: A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14...
CVE-2026-36757 (Moderate, Unreviewed), published Apr 30, 2026: A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2...
CVE-2026-36761 (Moderate, Unreviewed), published Apr 30, 2026: A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite...
CVE-2026-36764 (Moderate, Unreviewed), published Apr 30, 2026: A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of...
CVE-2026-36759 (Moderate, Unreviewed), published Apr 30, 2026: A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2...
CVE-2026-38940 (Moderate, Unreviewed), published Apr 30, 2026: Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to...
CVE-2026-38939 (Moderate, Unreviewed), published Apr 30, 2026: Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to...
CVE-2026-42032 (Moderate), published Apr 30, 2026 for ckan (pip): CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
CVE-2026-41654 (Moderate), published Apr 30, 2026 for weblate (pip): Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
CVE-2026-41519 (Moderate), published Apr 30, 2026 for weblate (pip): Weblate Doesn't Invalidate API Token on Password Change
CVE-2026-7382 (Moderate, Unreviewed), published Apr 30, 2026: Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal...
CVE-2026-7500 (Moderate, Unreviewed), published Apr 30, 2026: When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is...
CVE-2026-7163 (Moderate, Unreviewed), published Apr 30, 2026: A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted...
CVE-2026-6498 (Moderate, Unreviewed), published Apr 30, 2026: The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via...
CVE-2026-1493 (Moderate, Unreviewed), published Apr 30, 2026: LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application...
CVE-2026-5080 (Moderate, Unreviewed), published Apr 30, 2026: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The...
CVE-2026-41016 (Moderate, Unreviewed), published Apr 30, 2026: Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an...
CVE-2026-6529 (Moderate, Unreviewed), published Apr 30, 2026: iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6527 (Moderate, Unreviewed), published Apr 30, 2026: ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial...
CVE-2026-6528 (Moderate, Unreviewed), published Apr 30, 2026: TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service
CVE-2026-6867 (Moderate, Unreviewed), published Apr 30, 2026: SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...
Advisories are also available from the GraphQL API.