GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,931
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,382
Swift: 56

Unreviewed advisories
All unreviewed: 5,000+
10,636 advisories

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-7636 was published on May 22, 2026

There is an information disclosure vulnerability in ZTE MU5250. Due to improper configuration...
Moderate | Unreviewed | CVE-2026-44409 was published on May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing...
Moderate | Unreviewed | CVE-2026-6826 was published on May 21, 2026

@sveltejs/kit: `query.batch` cross-talk
Moderate | GHSA-hgv7-v322-mmgr was published for @sveltejs/kit (npm) on May 21, 2026

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or...
Low | Unreviewed | CVE-2025-31985 was published on May 20, 2026

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Moderate | Unreviewed | CVE-2026-6728 was published on May 20, 2026

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via ...
Moderate | Unreviewed | CVE-2026-5075 was published on May 20, 2026

FileBrowser Quantum: unauthenticated user share share info
High | CVE-2026-46410 was published for github.com/gtsteffaniak/filebrowser (Go) on May 19, 2026

Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation
Moderate | GHSA-m23h-6mwm-39m8 was published for github.com/kong/kubernetes-ingress-controller (Go) on May 19, 2026

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another...
Moderate | Unreviewed | CVE-2026-8706 was published on May 19, 2026

Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
High | CVE-2026-45793 was published for composer/composer (Composer) on May 19, 2026

Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Low | CVE-2026-45739 was published for strawberry-graphql (pip) on May 19, 2026

Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
Moderate | CVE-2026-45737 was published for github.com/argoproj/argo-cd/v3 (Go) on May 19, 2026

Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox...
High | Unreviewed | CVE-2026-8967 was published on May 19, 2026

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151.
High | Unreviewed | CVE-2026-8966 was published on May 19, 2026

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151.
High | Unreviewed | CVE-2026-8965 was published on May 19, 2026

HAXcms: Private Key Disclosure via Broken HMAC Implementation
Critical | CVE-2026-46395 was published for @haxtheweb/haxcms-nodejs (npm) on May 19, 2026

Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication
Moderate | GHSA-9v4j-7g44-qcqw was published for github.com/xyproto/algernon (Go) on May 19, 2026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This...
High | Unreviewed | CVE-2026-31909 was published on May 19, 2026

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control...
Moderate | Unreviewed | CVE-2026-44408 was published on May 19, 2026

NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
High | CVE-2026-45553 was published for nicegui (pip) on May 18, 2026

OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
Low | CVE-2026-45683 was published for go.opentelemetry.io/obi (Go) on May 18, 2026

async-http-client: Cookie header not stripped on cross-origin redirect
High | CVE-2026-45300 was published for org.asynchttpclient:async-http-client (Maven) on May 18, 2026

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker...
High | Unreviewed | CVE-2026-39079 was published on May 18, 2026

Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree
High | CVE-2026-45539 was published for apm (pip) on May 18, 2026

ProTip! Advisories are also available from the GraphQL API