GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
327,609 advisories
PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes
High | GHSA-qrr6-mg7r-m243 was published for phpunit/phpunit (Composer) Apr 18, 2026

A possible security vulnerability has been identified in Apache Kafka. By default, the broker...
Critical | Unreviewed | CVE-2026-33557 was published Apr 20, 2026

A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver...
Moderate | Unreviewed | CVE-2026-21709 was published Apr 17, 2026

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows...
High | Unreviewed | CVE-2026-5720 was published Apr 18, 2026

UI / API User with asset materialize permission could trigger dags they had no access to. Users...
High | Unreviewed | CVE-2026-32228 was published Apr 18, 2026

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization...
Moderate | Unreviewed | CVE-2025-66335 was published Apr 20, 2026

Dag Authors, who normally should not be able to execute code in the webserver context could craft...
Critical | Unreviewed | CVE-2026-25917 was published Apr 18, 2026

An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in...
High | Unreviewed | CVE-2026-30898 was published Apr 18, 2026

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api...
High | Unreviewed | CVE-2026-30912 was published Apr 18, 2026

Hydrosystem Control System saves sensitive information into a log file. Critically, user...
Moderate | Unreviewed | CVE-2026-4901 was published Apr 9, 2026

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that...
High | Unreviewed | CVE-2019-25678 was published Apr 5, 2026

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the...
Moderate | Unreviewed | CVE-2024-0849 was published Feb 7, 2024

Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated...
Moderate | Unreviewed | CVE-2026-33455 was published Apr 10, 2026

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and...
High | Unreviewed | CVE-2025-13502 was published Nov 25, 2025

Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An...
Moderate | Unreviewed | CVE-2026-4420 was published Apr 7, 2026

Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input...
High | Unreviewed | CVE-2026-34185 was published Apr 9, 2026

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that...
High | Unreviewed | CVE-2019-25676 was published Apr 5, 2026

Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47...
Moderate | Unreviewed | CVE-2026-33457 was published Apr 10, 2026

Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an...
Moderate | Unreviewed | CVE-2026-33456 was published Apr 10, 2026

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result...
Moderate | Unreviewed | CVE-2026-41389 was published Apr 20, 2026

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports...
Moderate | Unreviewed | CVE-2026-23757 was published Apr 20, 2026

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket...
Moderate | Unreviewed | CVE-2026-23758 was published Apr 20, 2026

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the...
Moderate | Unreviewed | CVE-2026-23756 was published Apr 20, 2026

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management...
High | Unreviewed | CVE-2026-39111 was published Apr 20, 2026

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors...
Moderate | Unreviewed | CVE-2026-39112 was published Apr 20, 2026
ProTip! Advisories are also available from the GraphQL API