GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,627
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,848
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
123,982 advisories
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability...
High
Unreviewed
CVE-2022-50992
was published
Apr 30, 2026
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege...
High
Unreviewed
CVE-2026-5174
was published
Apr 30, 2026
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can...
High
Unreviewed
CVE-2025-51846
was published
Apr 30, 2026
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero...
High
Unreviewed
CVE-2026-33845
was published
Apr 30, 2026
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary...
High
Unreviewed
CVE-2026-36340
was published
Apr 30, 2026
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U...
High
Unreviewed
CVE-2026-36960
was published
Apr 30, 2026
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core...
High
Unreviewed
CVE-2025-14543
was published
Apr 30, 2026
Clerk has an authorization bypass when combining organization, billing, or reverification checks
High
CVE-2026-42349
was published
for
@clerk/astro
(npm)
Apr 30, 2026
n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders
High
CVE-2026-42449
was published
for
n8n-mcp
(npm)
Apr 30, 2026
Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation
High
GHSA-83hf-93m4-rgwq
was published
for
hickory-recursor
(Rust)
Apr 30, 2026
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
High
CVE-2026-40171
was published
for
@jupyter-notebook/help-extension
(npm)
Apr 30, 2026
Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL
High
CVE-2026-39383
was published
for
github.com/gotenberg/gotenberg/v8
(Go)
Apr 30, 2026
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code...
High
Unreviewed
CVE-2025-14576
was published
Apr 30, 2026
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all...
High
Unreviewed
CVE-2026-2892
was published
Apr 30, 2026
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro...
High
Unreviewed
CVE-2024-13971
was published
Apr 30, 2026
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc...
High
Unreviewed
CVE-2026-7399
was published
Apr 30, 2026
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS...
High
Unreviewed
CVE-2026-7402
was published
Apr 30, 2026
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via...
High
Unreviewed
CVE-2026-36957
was published
Apr 30, 2026
U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the...
High
Unreviewed
CVE-2026-36959
was published
Apr 30, 2026
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a...
High
Unreviewed
CVE-2026-36958
was published
Apr 30, 2026
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the...
High
Unreviewed
CVE-2026-36956
was published
Apr 30, 2026
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1...
High
Unreviewed
CVE-2026-41882
was published
Apr 30, 2026
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client...
High
Unreviewed
CVE-2026-42800
was published
Apr 30, 2026
Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This...
High
Unreviewed
CVE-2026-42799
was published
Apr 30, 2026
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
High
Unreviewed
CVE-2026-22070
was published
Apr 30, 2026
ProTip! Advisories are also available from the GraphQL API