GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,630
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,850
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
123,999 advisories

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and...
High | Unreviewed | CVE-2026-5403 was published May 1, 2026

A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is...
High | Unreviewed | CVE-2026-7513 was published May 1, 2026

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...
High | Unreviewed | CVE-2026-5405 was published May 1, 2026

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function...
High | Unreviewed | CVE-2026-7512 was published May 1, 2026

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...
High | Unreviewed | CVE-2026-5656 was published May 1, 2026

A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is...
High | Unreviewed | CVE-2026-7503 was published May 1, 2026

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command...
High | Unreviewed | CVE-2026-7551 was published May 1, 2026

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary...
High | Unreviewed | CVE-2026-6543 was published May 1, 2026

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource...
High | Unreviewed | CVE-2026-6389 was published May 1, 2026

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert...
High | Unreviewed | CVE-2026-31431 was published Apr 22, 2026

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50....
High | Unreviewed | CVE-2026-40950 was published Apr 30, 2026

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view...
High | Unreviewed | CVE-2026-4503 was published Apr 30, 2026

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the...
High | Unreviewed | CVE-2026-7435 was published Apr 30, 2026

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client...
High | Unreviewed | CVE-2026-33451 was published Apr 30, 2026

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume...
High | Unreviewed | CVE-2026-7461 was published Apr 30, 2026

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was...
High | Unreviewed | CVE-2026-37555 was published Apr 29, 2026

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ...
High | Unreviewed | CVE-2026-1875 was published Mar 3, 2026

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ...
High | Unreviewed | CVE-2026-1876 was published Mar 3, 2026

Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API
High | CVE-2026-42137 was published for getkirby/cms (Composer) | Apr 30, 2026

locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor
High | CVE-2026-41886 was published for locize (npm) | Apr 22, 2026

Contrast Affected by CopyFile Policy Subversion via Symlinks
High | GHSA-rh99-wc69-c255 was published for github.com/edgelesssys/contrast (Go) | Apr 30, 2026

Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
High | CVE-2026-42461 was published for github.com/getarcaneapp/arcane/backend (Go) | Apr 30, 2026

OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
High | CVE-2026-41883 was published for org.omnifaces:omnifaces (Maven) | Apr 16, 2026

i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
High | CVE-2026-41693 was published for i18next-fs-backend (npm) | Apr 22, 2026

i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters
High | CVE-2026-41690 was published for i18next-http-middleware (npm) | Apr 22, 2026

ProTip! Advisories are also available from the GraphQL API.