GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12,002 advisories
The bson_validate function may return early on specific inputs and incorrectly report success....
Moderate | Unreviewed | CVE-2026-6231 was published Apr 13, 2026

Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2026-34855 was published Apr 13, 2026

nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Critical | CVE-2026-40093 was published for nimiq-blockchain (Rust) Apr 10, 2026

xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Moderate | GHSA-vj8v-p5vw-m6v5 was published for xrootd (pip) Apr 10, 2026

Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble
High | CVE-2026-40162 was published for bugsink (pip) Apr 10, 2026

LXD: Importing a crafted backup leads to project restriction bypass
Critical | CVE-2026-34178 was published for github.com/canonical/lxd (Go) Apr 10, 2026

justhtml includes multiple security fixes
Moderate | GHSA-c9vm-hv86-f23r was published for justhtml (pip) Apr 10, 2026

wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM...
High | Unreviewed | CVE-2026-5500 was published Apr 10, 2026

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved...
High | Unreviewed | CVE-2026-33797 was published Apr 10, 2026

Apache Tomcat has an Improper Input Validation vulnerability
Moderate | CVE-2026-32990 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability...
High | Unreviewed | CVE-2026-5329 was published Apr 9, 2026

OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts
Moderate | GHSA-q2gc-xjqw-qp89 was published for openclaw (npm) Apr 9, 2026

Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55...
Moderate | Unreviewed | CVE-2026-5919 was published Apr 9, 2026

Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55...
High | Unreviewed | CVE-2026-5915 was published Apr 9, 2026

Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0...
Unknown | Unreviewed | CVE-2026-5885 was published Apr 9, 2026

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147...
Unknown | Unreviewed | CVE-2026-5887 was published Apr 9, 2026

Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55...
High | Unreviewed | CVE-2026-5884 was published Apr 9, 2026

Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727...
High | Unreviewed | CVE-2026-5879 was published Apr 9, 2026

LangChain has incomplete f-string validation in prompt templates
Moderate | CVE-2026-40087 was published for langchain-core (pip) Apr 8, 2026

stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution
High | CVE-2026-31040 was published for stata-mcp (pip) Apr 8, 2026

Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
Moderate | GHSA-xmrv-pmrh-hhx2 was published for github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream (Go) Apr 8, 2026

Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()
Moderate | CVE-2026-39410 was published for hono (npm) Apr 8, 2026

OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Moderate | GHSA-fh32-73r9-rgh5 was published for openclaw (npm) Apr 7, 2026

Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans
High | CVE-2026-34197 was published for org.apache.activemq:activemq-all (Maven) Apr 7, 2026

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980,...
High | Unreviewed | CVE-2025-57834 was published Apr 6, 2026

ProTip! Advisories are also available from the GraphQL API