GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,557 advisories

Mattermost allows a removed team member to enumerate all public channels within a private team [Moderate]
CVE-2026-2458 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost fails to limit the size of responses from integration action endpoints [Moderate]
CVE-2026-2456 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost fails to filter invite IDs based on user permissions [Moderate]
CVE-2026-2463 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Vulnogram contains a stored cross-site scripting vulnerability in comment hypertext handling [Moderate]
CVE-2026-32774 was published for vulnogram (npm) on Mar 16, 2026

Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications [Moderate]
CVE-2026-2461 was published for github.com/mattermost/mattermost-plugin-boards (Go) on Mar 16, 2026

Mattermost fails to properly handle very long passwords [High]
CVE-2026-24458 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost fails to bound memory allocation when processing PSD image files [Moderate]
CVE-2026-26246 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost fails to properly validate User-Agent header tokens [Moderate]
CVE-2026-25783 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost fails to bound memory allocation when processing DOC files [Moderate]
CVE-2026-25780 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Mattermost allows attackers to spoof permalink embeds [Moderate]
CVE-2026-2457 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026

Apache Spark: Spark History Server Code Execution Vulnerability [High]
CVE-2025-54920 was published for org.apache.spark:spark-core_2.10 (Maven) on Mar 16, 2026

MLflow has a command injection in mlflow/sagemaker/__init__.py [High]
CVE-2025-14287 was published for mlflow (pip) on Mar 16, 2026

Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle [High]
CVE-2026-28490 was published for authlib (pip) on Mar 16, 2026
Credited to Pr00fOf3xpl0it and Jaynornj

Authlib JWS JWK Header Injection: Signature Verification Bypass [Critical]
CVE-2026-27962 was published for authlib (pip) on Mar 16, 2026
Credited to Jaynornj and Pr00fOf3xpl0it

Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames [Critical]
CVE-2026-25534 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) on Mar 16, 2026
Credited to jaydhulia and jasonmcintosh

FastMCP OAuth Proxy token reuse across MCP servers [High]
CVE-2025-69196 was published for fastmcp (pip) on Mar 16, 2026
Credited to an7y

Apache Livy: Restrict file access [Moderate]
CVE-2025-60012 was published for org.apache.livy:livy-server (Maven) on Mar 13, 2026

Apache Livy: Unauthorized directory access [Moderate]
CVE-2025-66249 was published for org.apache.livy:livy-server (Maven) on Mar 13, 2026

github.com/ctfer-io/monitoring Vulnerable to Improper Access Control [High]
CVE-2026-32720 was published for github.com/ctfer-io/monitoring (Go) on Mar 13, 2026
Credited to ViRb3

fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE` [Moderate]
GHSA-5cxw-w2xg-2m8h was published for fickling (pip) on Mar 13, 2026
Credited to mldangelo

fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist [Moderate]
GHSA-r48f-3986-4f9c was published for fickling (pip) on Mar 13, 2026
Credited to fg0x0

@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script [High]
CVE-2026-4092 was published for @google/clasp (npm) on Mar 13, 2026
Credited to g0w6y

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion [High]
CVE-2026-32933 was published for AutoMapper (NuGet) on Mar 13, 2026
Credited to skdishansachin, jbogard, and nicky-dilemmagroep

SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB [Moderate]
CVE-2026-32704 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 13, 2026
Credited to fg0x0