GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
329,507 advisories
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
High
CVE-2026-41883
was published
for
org.omnifaces:omnifaces
(Maven)
Apr 16, 2026
Pillow affected by out-of-bounds write when loading PSD images
High
CVE-2026-25990
was published
for
pillow
(pip)
Feb 11, 2026
Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
High
CVE-2026-35569
was published
for
apostrophe
(npm)
Apr 16, 2026
Inspektor Gadget: Command Injection via malicious buildOptions manipulation
Moderate
CVE-2026-24905
was published
for
github.com/inspektor-gadget/inspektor-gadget
(Go)
Apr 22, 2026
CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS
Moderate
CVE-2026-41201
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 22, 2026
OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter
Moderate
CVE-2026-42191
was published
for
OpenTelemetry.Exporter.OpenTelemetryProtocol
(NuGet)
Apr 30, 2026
CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS
Critical
CVE-2026-35035
was published
for
ci4-cms-erp/ci4ms
(Composer)
Apr 6, 2026
Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload
Moderate
CVE-2026-29905
was published
for
getkirby/cms
(Composer)
Mar 27, 2026
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API