GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,599
Maven: 5,000+
npm: 5,000+
NuGet: 924
pip: 4,828
Pub: 13
RubyGems: 1,045
Rust: 1,256
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
12,052 advisories

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
[Critical] GHSA-wpqr-6v78-jr5g was published for @google/gemini-cli (GitHub Actions), Apr 24, 2026

k8sGPT has Prompt Injection through its k8sGPT-Operator
[High] GHSA-rp7v-4384-hfrp was published for github.com/k8sgpt-ai/k8sgpt (Go), Apr 24, 2026

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
[High] CVE-2026-40068 was published for @anthropic-ai/claude-code (npm), Apr 24, 2026

Improper Input Validation, Improper Control of Generation of Code ('Code Injection')...
[High] [Unreviewed] CVE-2026-41044 was published Apr 24, 2026

Improper Input Validation, Improper Control of Generation of Code ('Code Injection')...
[High] [Unreviewed] CVE-2026-40466 was published Apr 24, 2026

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions...
[Moderate] [Unreviewed] CVE-2026-1782 was published Apr 22, 2026

nimiq-blockchain: Peer-triggerable panic during history sync
[Moderate] CVE-2026-34066 was published for nimiq-blockchain (Rust), Apr 22, 2026

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command...
[Low] [Unreviewed] CVE-2026-35377 was published Apr 22, 2026

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret...
[Moderate] [Unreviewed] CVE-2026-35380 was published Apr 22, 2026

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs...
[Moderate] [Unreviewed] CVE-2026-35347 was published Apr 22, 2026

An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1...
[Moderate] [Unreviewed] CVE-2026-35369 was published Apr 22, 2026

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5...
[Moderate] [Unreviewed] CVE-2026-31192 was published Apr 22, 2026

Vulnerability in Spring Spring Security. When an application configures JWT decoding with...
[Moderate] [Unreviewed] CVE-2026-22748 was published Apr 22, 2026

Neko has a Self-service Privilege Escalation for Authenticated Users
[High] CVE-2026-39386 was published for github.com/m1k1o/neko/server (Go), Apr 21, 2026

Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150.
[Moderate] [Unreviewed] CVE-2026-6777 was published Apr 21, 2026

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.
[Moderate] [Unreviewed] CVE-2026-6779 was published Apr 21, 2026

Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
[Critical] CVE-2026-32604 was published for io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo (Maven), Apr 21, 2026

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset...
[High] [Unreviewed] CVE-2025-13826 was published Apr 21, 2026

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to...
[Moderate] [Unreviewed] CVE-2026-6675 was published Apr 21, 2026

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0...
[High] [Unreviewed] CVE-2026-24504 was published Apr 20, 2026

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation...
[High] [Unreviewed] CVE-2026-24505 was published Apr 20, 2026

Cockpit has NoSQL Injection Through Content Aggregation Pipelines
[Low] CVE-2026-6626 was published for cockpit-hq/cockpit (Composer), Apr 20, 2026

Improper input validation, Improper verification of cryptographic signature vulnerability in...
[High] [Unreviewed] CVE-2026-6328 was published Apr 17, 2026

Flowise: Parameter Override Bypass Remote Command Execution
[High] CVE-2026-41268 was published for flowise (npm), Apr 16, 2026

Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
[High] CVE-2026-41267 was published for flowise (npm), Apr 16, 2026

ProTip! Advisories are also available from the GraphQL API.