GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 48
Go: 3,361
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,554
Pub: 12
RubyGems: 1,013
Rust: 1,205
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
27,998 advisories
Glances exposes the REST API without authentication
High | CVE-2026-32596 was published for Glances (pip) | Mar 16, 2026

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
High | CVE-2026-28500 was published for onnx (pip) | Mar 16, 2026

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS
Moderate | CVE-2026-28499 was published for leaf-kit (Swift) | Mar 16, 2026

pyOpenSSL DTLS cookie callback buffer overflow
High | CVE-2026-27459 was published for pyopenssl (pip) | Mar 16, 2026

Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter
High | CVE-2026-29112 was published for @dicebear/converter (npm) | Mar 16, 2026

Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
High | CVE-2026-28498 was published for authlib (pip) | Mar 16, 2026

Mattermost fails to validate user's authentication method when processing account auth type switch
Low | CVE-2026-22545 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation
Moderate | CVE-2026-2455 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to properly enforce read permissions in search API endpoints
Moderate | CVE-2026-24692 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Vanna has a SQL injection in the remove_training_data function
Moderate | CVE-2026-4229 was published for vanna (pip) | Mar 16, 2026

Mattermost fails to use consistent error responses when handling the /mute command
Moderate | CVE-2026-21386 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to validate team-specific upload_file permissions
Moderate | CVE-2026-4265 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Aureus ERP vulnerable to cross-site scripting in the Chatter Message Handler
Moderate | CVE-2026-4175 was published for aureuserp/aureuserp (Composer) | Mar 16, 2026

Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications
Moderate | CVE-2026-2461 was published for github.com/mattermost/mattermost-plugin-boards (Go) | Mar 16, 2026

Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values
High | CVE-2026-2476 was published for github.com/mattermost/mattermost-plugin-msteams (Go) | Mar 16, 2026

Vulnogram contains a stored cross-site scripting vulnerability in comment hypertext handling
Moderate | CVE-2026-32774 was published for vulnogram (npm) | Mar 16, 2026

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion
Moderate | CVE-2026-2578 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to limit the size of responses from integration action endpoints
Moderate | CVE-2026-2456 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost allows a removed team member to enumerate all public channels within a private team
Moderate | CVE-2026-2458 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to filter invite IDs based on user permissions
Moderate | CVE-2026-2463 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to properly validate User-Agent header tokens
Moderate | CVE-2026-25783 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to bound memory allocation when processing PSD image files
Moderate | CVE-2026-26246 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost allows attackers to spoof permalink embeds
Moderate | CVE-2026-2457 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to properly handle very long passwords
High | CVE-2026-24458 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

Mattermost fails to bound memory allocation when processing DOC files
Moderate | CVE-2026-25780 was published for github.com/mattermost/mattermost-server (Go) | Mar 16, 2026

ProTip! Advisories are also available from the GraphQL API.