GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,521
Maven: 5,000+
npm: 5,000+
NuGet: 912
pip: 4,768
Pub: 13
RubyGems: 1,036
Rust: 1,229
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
12,024 advisories
OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures...
High
Unreviewed
CVE-2026-30077 was published on Mar 30, 2026
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file...
Moderate
Unreviewed
CVE-2026-29909 was published on Mar 30, 2026
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval
Moderate
CVE-2026-33029 was published for github.com/0xJacky/Nginx-UI (Go) on Mar 30, 2026
wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
Critical
CVE-2026-34243 was published for njzjz/wenxian (GitHub Actions) on Mar 29, 2026
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is...
High
Unreviewed
CVE-2026-4987 was published on Mar 28, 2026
AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
High
GHSA-mvm6-f9r3-fgfx was published for AWSSDK.CloudFront (NuGet) on Mar 27, 2026
Kirby CMS has Persistent DoS via Malformed Image Upload
Moderate
CVE-2026-29905 was published for getkirby/cms (Composer) on Mar 27, 2026
AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities
High
GHSA-443w-3rq3-5m5h was published for software.amazon.awssdk:cloudfront (Maven) on Mar 27, 2026
AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters
High
GHSA-27qh-8cxx-2cr5 was published for aws/aws-sdk-php (Composer) on Mar 27, 2026
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in...
High
Unreviewed
CVE-2026-30576 was published on Mar 27, 2026
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in...
High
Unreviewed
CVE-2026-30575 was published on Mar 27, 2026
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Moderate
CVE-2026-33936 was published for ecdsa (pip) on Mar 27, 2026
In its design for automatic terminal command execution, AI Code offers two options: Execute safe...
Critical
Unreviewed
CVE-2026-30304 was published on Mar 27, 2026
A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7...
High
Unreviewed
CVE-2025-69986 was published on Mar 27, 2026
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be...
High
Unreviewed
CVE-2025-59032 was published on Mar 27, 2026
When sending invalid base64 SASL data, login process is disconnected from the auth server,...
Moderate
Unreviewed
CVE-2025-59028 was published on Mar 27, 2026
Forge has signature forgery in RSA-PKCS due to ASN.1 extra field
High
CVE-2026-33894 was published for node-forge (npm) on Mar 26, 2026
Statamic's Markdown preview endpoint exposes sensitive user data
Moderate
CVE-2026-33882 was published for statamic/cms (Composer) on Mar 26, 2026
Astro: Remote allowlist bypass via unanchored matchPathname wildcard
Low
CVE-2026-33769 was published for astro (npm) on Mar 26, 2026
OpenBao has Reflected XSS in its OIDC authentication error message
Critical
CVE-2026-33758 was published for github.com/openbao/openbao (Go) on Mar 26, 2026
OpenFGA has an Authorization Bypass through cached keys
Moderate
CVE-2026-33729 was published for github.com/openfga/openfga (Go) on Mar 26, 2026
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject...
Low
Unreviewed
CVE-2025-55270 was published on Mar 26, 2026
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the...
Moderate
Unreviewed
CVE-2026-4860 was published on Mar 26, 2026
LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
High
CVE-2026-33287 was published for liquidjs (npm) on Mar 25, 2026
LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash
High
CVE-2026-33285 was published for liquidjs (npm) on Mar 25, 2026
ProTip! Advisories are also available from the GraphQL API.