GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,385 advisories
Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation...
Moderate, Unreviewed: CVE-2026-27299 was published Apr 15, 2026
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to...
Moderate, Unreviewed: CVE-2026-32201 was published Apr 14, 2026
Improper input validation in Windows Hello allows an authorized attacker to bypass a security...
Moderate, Unreviewed: CVE-2026-27906 was published Apr 14, 2026
The bson_validate function may return early on specific inputs and incorrectly report success....
Moderate, Unreviewed: CVE-2026-6231 was published Apr 13, 2026
Out-of-bounds write vulnerability in the kernel module.
Impact: Successful exploitation of this...
Moderate, Unreviewed: CVE-2026-34855 was published Apr 13, 2026
xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Moderate: GHSA-vj8v-p5vw-m6v5 was published for xrootd (pip) Apr 10, 2026
justhtml includes multiple security fixes
Moderate: GHSA-c9vm-hv86-f23r was published for justhtml (pip) Apr 10, 2026
Apache Tomcat has an Improper Input Validation vulnerability
Moderate: CVE-2026-32990 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts
Moderate: GHSA-q2gc-xjqw-qp89 was published for openclaw (npm) Apr 9, 2026
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147...
Moderate, Unreviewed: CVE-2026-5887 was published Apr 9, 2026
Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0...
Moderate, Unreviewed: CVE-2026-5885 was published Apr 9, 2026
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55...
Moderate, Unreviewed: CVE-2026-5919 was published Apr 9, 2026
LangChain has incomplete f-string validation in prompt templates
Moderate: CVE-2026-40087 was published for langchain-core (pip) Apr 8, 2026
Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
Moderate: GHSA-xmrv-pmrh-hhx2 was published for github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream (Go) Apr 8, 2026
Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()
Moderate: CVE-2026-39410 was published for hono (npm) Apr 8, 2026
OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Moderate: GHSA-fh32-73r9-rgh5 was published for openclaw (npm) Apr 7, 2026
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function...
Moderate, Unreviewed: CVE-2026-5659 was published Apr 6, 2026
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function...
Moderate, Unreviewed: CVE-2026-5536 was published Apr 5, 2026
Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
Moderate: CVE-2026-35410 was published for directus (npm) Apr 4, 2026
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
Moderate: CVE-2026-34773 was published for electron (npm) Apr 3, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from...
Moderate, Unreviewed: CVE-2026-29137 was published Apr 2, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag...
Moderate, Unreviewed: CVE-2026-29135 was published Apr 2, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with...
Moderate, Unreviewed: CVE-2026-29133 was published Apr 2, 2026
AIOHTTP accepts duplicate Host headers
Moderate: CVE-2026-34525 was published for aiohttp (pip) Apr 1, 2026
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the...
Moderate, Unreviewed: CVE-2026-30523 was published Apr 1, 2026
ProTip! Advisories are also available from the GraphQL API