GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
14,079 advisories
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
Low | Unreviewed | CVE-2026-44405 was published May 6, 2026

ciguard: Web UI is missing HTTP defence-in-depth headers
Low | GHSA-7ww3-xvf5-cxwm was published for ciguard (pip) May 5, 2026

ciguard: discover_pipeline_files follows symlinks out of scan root
Low | CVE-2026-44220 was published for ciguard (pip) May 5, 2026

ciguard: Container image runs as root (no USER directive)
Low | CVE-2026-44218 was published for ciguard (pip) May 5, 2026

parse-server: MFA SMS one-time password accepted twice under concurrent login
Low | CVE-2026-43930 was published for parse-server (npm) May 5, 2026

Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
Low | CVE-2026-42188 was published for org.geysermc.geyser:core (Maven) May 5, 2026

OpenBao's Namespace Deletion May Not Delete Data Properly
Low | CVE-2026-42186 was published for github.com/openbao/openbao (Go) May 5, 2026

External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
Low | CVE-2026-42875 was published for github.com/external-secrets/external-secrets (Go) May 5, 2026

Microdot has HTTP response splitting in Response.set_cookie()
Low | CVE-2026-42874 was published for microdot (pip) May 5, 2026

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected...
Low | Unreviewed | CVE-2026-7847 was published May 5, 2026

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the...
Low | Unreviewed | CVE-2026-7845 was published May 5, 2026

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache...
Low | Unreviewed | CVE-2026-6907 was published May 5, 2026

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is...
Low | Unreviewed | CVE-2026-7846 was published May 5, 2026

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This...
Low | Unreviewed | CVE-2026-7844 was published May 5, 2026

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary...
Low | Unreviewed | CVE-2026-35192 was published May 5, 2026

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an...
Low | Unreviewed | CVE-2026-7822 was published May 5, 2026

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the...
Low | Unreviewed | CVE-2026-7783 was published May 5, 2026

A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the...
Low | Unreviewed | CVE-2026-7780 was published May 5, 2026

A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the...
Low | Unreviewed | CVE-2026-7781 was published May 5, 2026

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function...
Low | Unreviewed | CVE-2026-7782 was published May 5, 2026

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
Low | CVE-2026-42040 was published for axios (npm) May 5, 2026

sequoia-git has broken hard revocation handling
Low | GHSA-g27r-r6ph-vf5r was published for sequoia-git (Rust) May 4, 2026

net-imap has quadratic complexity when reading response literals
Low | CVE-2026-42245 was published for net-imap (RubyGems) May 4, 2026

A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function...
Low | Unreviewed | CVE-2026-7779 was published May 4, 2026

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over...
Low | Unreviewed | CVE-2026-43964 was published May 4, 2026

ProTip! Advisories are also available from the GraphQL API.