GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
29,472 advisories
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that...
Critical | Unreviewed | CVE-2018-25254 was published Apr 4, 2026
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2016-20052 was published Apr 4, 2026
pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992)
Critical | CVE-2026-35459 was published for pyload-ng (pip) Apr 4, 2026
Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step
Critical | CVE-2026-35216 was published for @budibase/server (npm) Apr 4, 2026
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow...
Critical | Unreviewed | CVE-2026-35616 was published Apr 4, 2026
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE...
Critical | Unreviewed | CVE-2018-25236 was published Apr 4, 2026
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in...
Critical | Unreviewed | CVE-2018-25237 was published Apr 4, 2026
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6...
Critical | Unreviewed | CVE-2021-4477 was published Apr 4, 2026
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation...
Critical | Unreviewed | CVE-2017-20236 was published Apr 4, 2026
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication...
Critical | Unreviewed | CVE-2017-20235 was published Apr 4, 2026
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that...
Critical | Unreviewed | CVE-2017-20234 was published Apr 4, 2026
LiteLLM: Authentication bypass via OIDC userinfo cache key collision
Critical | CVE-2026-35030 was published for litellm (pip) Apr 3, 2026
goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Critical | CVE-2026-35471 was published for github.com/patrickhener/goshs (Go) Apr 3, 2026
SandboxJS: Sandbox integrity escape
Critical | CVE-2026-34208 was published for @nyariv/sandboxjs (npm) Apr 3, 2026
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Critical | CVE-2026-33950 was published for signalk-server (npm) Apr 3, 2026
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Critical | CVE-2026-31818 was published for @budibase/backend-core (npm) Apr 3, 2026
Improper certificate validation in the identity provider connection components in Amazon Athena...
Critical | Unreviewed | CVE-2026-35560 was published Apr 3, 2026
Insufficient authentication security controls in the browser-based authentication components in...
Critical | Unreviewed | CVE-2026-35561 was published Apr 3, 2026
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the...
Critical | Unreviewed | CVE-2026-25197 was published Apr 3, 2026
A specific endpoint exposes all user account information for registered Gardyn users without...
Critical | Unreviewed | CVE-2026-28766 was published Apr 3, 2026
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contain an authentication...
Critical | Unreviewed | CVE-2017-20237 was published Apr 3, 2026
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by...
Critical | Unreviewed | CVE-2026-0545 was published Apr 3, 2026
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal...
Critical | Unreviewed | CVE-2026-28373 was published Apr 3, 2026
Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through...
Critical | Unreviewed | CVE-2026-5463 was published Apr 3, 2026
goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload
Critical | CVE-2026-35393 was published for github.com/patrickhener/goshs (Go) Apr 3, 2026
ProTip! Advisories are also available from the GraphQL API.