GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,627
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,848
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
329,507 advisories
OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter
Moderate | CVE-2026-42191 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) Apr 30, 2026

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4...
Unknown | Unreviewed | CVE-2026-36765 was published Apr 30, 2026

A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint...
Moderate | Unreviewed | CVE-2026-36763 was published Apr 30, 2026

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a...
Low | Unreviewed | CVE-2026-3832 was published Apr 30, 2026

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive...
Moderate | Unreviewed | CVE-2026-3833 was published Apr 30, 2026

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the...
Unknown | Unreviewed | CVE-2026-36766 was published Apr 30, 2026

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary...
High | Unreviewed | CVE-2026-36340 was published Apr 30, 2026

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U...
High | Unreviewed | CVE-2026-36960 was published Apr 30, 2026

An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows...
Unknown | Unreviewed | CVE-2026-36762 was published Apr 30, 2026

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation...
Critical | Unreviewed | CVE-2026-4670 was published Apr 30, 2026

Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability...
High | Unreviewed | CVE-2022-50992 was published Apr 30, 2026

A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14...
Moderate | Unreviewed | CVE-2026-36756 was published Apr 30, 2026

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege...
High | Unreviewed | CVE-2026-5174 was published Apr 30, 2026

Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary...
Critical | Unreviewed | CVE-2022-50993 was published Apr 30, 2026

A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14...
Moderate | Unreviewed | CVE-2026-36758 was published Apr 30, 2026

A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2...
Moderate | Unreviewed | CVE-2026-36757 was published Apr 30, 2026

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can...
High | Unreviewed | CVE-2025-51846 was published Apr 30, 2026

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero...
High | Unreviewed | CVE-2026-33845 was published Apr 30, 2026

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows...
Critical | Unreviewed | CVE-2026-36760 was published Apr 30, 2026

A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite...
Moderate | Unreviewed | CVE-2026-36761 was published Apr 30, 2026

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the...
Critical | Unreviewed | CVE-2025-71284 was published Apr 30, 2026

A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows...
Critical | Unreviewed | CVE-2026-36767 was published Apr 30, 2026

A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of...
Moderate | Unreviewed | CVE-2026-36764 was published Apr 30, 2026

A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2...
Moderate | Unreviewed | CVE-2026-36759 was published Apr 30, 2026

Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to...
Moderate | Unreviewed | CVE-2026-38940 was published Apr 30, 2026
ProTip! Advisories are also available from the GraphQL API.