GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27,672 advisories

Langflow has Remote Code Execution in CSV Agent
Critical: CVE-2026-27966 was published for langflow (pip), Feb 27, 2026

uv has ZIP payload obfuscation through parsing differentials
Moderate: CVE-2025-13327 was published for uv (Rust), Feb 27, 2026

rubyipmi is vulnerable to OS Command Injection through malicious usernames
High: CVE-2026-0980 was published for rubyipmi (RubyGems), Feb 27, 2026

Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
Moderate: CVE-2026-0871 was published for org.keycloak:keycloak-server-spi-private (Maven), Feb 27, 2026

Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass
Low: CVE-2025-12150 was published for org.keycloak:keycloak-services (Maven), Feb 27, 2026

Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner
Low: CVE-2026-3293 was published for net.snowflake:snowflake-jdbc (Maven), Feb 27, 2026

OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection
Critical: CVE-2026-28370 was published for vitrage (pip), Feb 27, 2026

OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode
Critical: CVE-2026-28363 was published for openclaw (npm), Feb 27, 2026

PSI Probe: Broken access control can lead to DoS
Low: CVE-2026-3269 was published for com.github.psi-probe:psi-probe-core (Maven), Feb 27, 2026

PSI Probe vulnerable to Server-Side Request Forgery
Low: CVE-2026-3270 was published for com.github.psi-probe:psi-probe-core (Maven), Feb 27, 2026

Vitess users with backup storage access can gain unauthorized access to production deployment environments
High: CVE-2026-27965 was published for vitess.io/vitess (Go), Feb 26, 2026

Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations
Moderate: CVE-2026-22728 was published for github.com/bitnami-labs/sealed-secrets (Go), Feb 26, 2026

Curio exposes database credentials to users with network access through verbose HTTP error responses
High: GHSA-gj6x-q8rh-wj6x was published for github.com/filecoin-project/curio (Go), Feb 26, 2026

n8n has Webhook Forgery on Zendesk Trigger Node
Moderate: GHSA-38c7-23hj-2wgq was published for n8n (npm), Feb 26, 2026

n8n has a Guardrail Node Bypass
Moderate: GHSA-fvfv-ppw4-7h2w was published for n8n (npm), Feb 26, 2026

n8n has an Authentication Bypass in its Chat Trigger Node
Moderate: GHSA-jh8h-6c9q-7gmw was published for n8n (npm), Feb 26, 2026

n8n has an SSO Enforcement Bypass in its Self-Service Settings API
Moderate: GHSA-vjf3-2gpj-233v was published for n8n (npm), Feb 26, 2026

Koa has Host Header Injection via ctx.hostname
High: CVE-2026-27959 was published for koa (npm), Feb 26, 2026

Copyparty vulnerable to reflected XSS via setck parameter
Moderate: CVE-2026-27948 was published for copyparty (pip), Feb 26, 2026

fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
Low: CVE-2026-27942 was published for fast-xml-parser (npm), Feb 26, 2026

Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Moderate: CVE-2026-27902 was published for svelte (npm), Feb 26, 2026

Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
Moderate: CVE-2026-27901 was published for svelte (npm), Feb 26, 2026

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level
High: CVE-2026-27899 was published for github.com/h44z/wg-portal (Go), Feb 26, 2026

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
High: CVE-2026-27896 was published for github.com/modelcontextprotocol/go-sdk (Go), Feb 26, 2026

wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
Moderate: CVE-2026-27839 was published for wger (pip), Feb 26, 2026

ProTip! Advisories are also available from the GraphQL API.