GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12,000 advisories
nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Critical. CVE-2026-40093 was published for nimiq-blockchain (Rust) on Apr 10, 2026.

xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Moderate. GHSA-vj8v-p5vw-m6v5 was published for xrootd (pip) on Apr 10, 2026.

Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble
High. CVE-2026-40162 was published for bugsink (pip) on Apr 10, 2026.

LXD: Importing a crafted backup leads to project restriction bypass
Critical. CVE-2026-34178 was published for github.com/canonical/lxd (Go) on Apr 10, 2026.

justhtml includes multiple security fixes
Moderate. GHSA-c9vm-hv86-f23r was published for justhtml (pip) on Apr 10, 2026.

wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM...
High. Unreviewed. CVE-2026-5500 was published on Apr 10, 2026.

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved...
High. Unreviewed. CVE-2026-33797 was published on Apr 10, 2026.

Apache Tomcat has an Improper Input Validation vulnerability
Moderate. CVE-2026-32990 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Apr 9, 2026.

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability...
High. Unreviewed. CVE-2026-5329 was published on Apr 9, 2026.

OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts
Moderate. GHSA-q2gc-xjqw-qp89 was published for openclaw (npm) on Apr 9, 2026.

Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55...
Moderate. Unreviewed. CVE-2026-5919 was published on Apr 9, 2026.

Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55...
High. Unreviewed. CVE-2026-5915 was published on Apr 9, 2026.

Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0...
Unknown. Unreviewed. CVE-2026-5885 was published on Apr 9, 2026.

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147...
Unknown. Unreviewed. CVE-2026-5887 was published on Apr 9, 2026.

Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55...
Unknown. Unreviewed. CVE-2026-5884 was published on Apr 9, 2026.

Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727...
Unknown. Unreviewed. CVE-2026-5879 was published on Apr 9, 2026.

LangChain has incomplete f-string validation in prompt templates
Moderate. CVE-2026-40087 was published for langchain-core (pip) on Apr 8, 2026.

stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution
High. CVE-2026-31040 was published for stata-mcp (pip) on Apr 8, 2026.

Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
Moderate. GHSA-xmrv-pmrh-hhx2 was published for github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream (Go) on Apr 8, 2026.

Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()
Moderate. CVE-2026-39410 was published for hono (npm) on Apr 8, 2026.

OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Moderate. GHSA-fh32-73r9-rgh5 was published for openclaw (npm) on Apr 7, 2026.

Improper Input Validation, Improper Control of Generation of Code ('Code Injection')...
High. Unreviewed. CVE-2026-34197 was published on Apr 7, 2026.

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980,...
High. Unreviewed. CVE-2025-57834 was published on Apr 6, 2026.

An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos...
High. Unreviewed. CVE-2025-57835 was published on Apr 6, 2026.

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function...
Moderate. Unreviewed. CVE-2026-5659 was published on Apr 6, 2026.
ProTip! Advisories are also available from the GraphQL API.