GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,232
Maven: 5,000+
npm: 5,000+
NuGet: 864
pip: 4,505
Pub: 12
RubyGems: 996
Rust: 1,189
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
152,736 advisories
Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023-04-26), contains a...
Moderate | Unreviewed | CVE-2026-32843 was published Mar 19, 2026
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs...
Moderate | Unreviewed | CVE-2026-4426 was published Mar 19, 2026
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request...
Moderate | Unreviewed | CVE-2025-71258 was published Mar 19, 2026
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request...
Moderate | Unreviewed | CVE-2025-71259 was published Mar 19, 2026
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass...
Moderate | Unreviewed | CVE-2025-71257 was published Mar 19, 2026
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content...
Moderate | Unreviewed | CVE-2026-2369 was published Mar 19, 2026
Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Moderate | GHSA-4fcp-jxh7-23x8 was published for github.com/tomwright/dasel/v3 (Go) Mar 19, 2026
AVideo has Unauthenticated PGP Message Decryption via Public Endpoint
Moderate | GHSA-5x2w-37xf-7962 was published for wwbn/avideo (Composer) Mar 19, 2026
AVideo has an OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command
Moderate | GHSA-w5ff-2mjc-4phc was published for wwbn/avideo (Composer) Mar 19, 2026
AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem Enumeration
Moderate | CVE-2026-33238 was published for wwbn/avideo (Composer) Mar 19, 2026
AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation
Moderate | CVE-2026-33237 was published for wwbn/avideo (Composer) Mar 19, 2026
Juju affected by timing ownership claim attack on new external back-end secrets
Moderate | CVE-2026-32691 was published for github.com/juju/juju (Go) Mar 19, 2026
Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows...
Moderate | Unreviewed | CVE-2025-14716 was published Mar 19, 2026
Improper neutralization of input during web page generation ('cross-site scripting')...
Moderate | Unreviewed | CVE-2025-62043 was published Mar 19, 2026
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage...
Moderate | Unreviewed | CVE-2026-21788 was published Mar 19, 2026
Missing Authorization vulnerability in UiPress UiPress lite allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-27091 was published Mar 19, 2026
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a...
Moderate | Unreviewed | CVE-2026-2571 was published Mar 19, 2026
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate | Unreviewed | CVE-2026-4006 was published Mar 19, 2026
The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery...
Moderate | Unreviewed | CVE-2026-4068 was published Mar 19, 2026
The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary...
Moderate | Unreviewed | CVE-2026-3475 was published Mar 19, 2026
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS allows...
Moderate | Unreviewed | CVE-2025-32223 was published Mar 19, 2026
The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored...
Moderate | Unreviewed | CVE-2026-4120 was published Mar 19, 2026
Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting...
Moderate | Unreviewed | CVE-2026-28070 was published Mar 19, 2026
Authorization Bypass Through User-Controlled Key vulnerability in Really Simple Plugins B.V....
Moderate | Unreviewed | CVE-2026-27397 was published Mar 19, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-28044 was published Mar 19, 2026
ProTip! Advisories are also available from the GraphQL API.