GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28,878 advisories

kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token High
GHSA-q93q-v844-jrqp was published for github.com/kyverno/kyverno (Go) Apr 14, 2026
Credited to 1seal
Kyverno APICall SSRF Vulnerability Leading to Multi-Tenant Isolation Breach High
GHSA-fmqp-4wfc-w3v7 was published for github.com/kyverno/kyverno (Go) Apr 14, 2026
Credited to b0b0haha and j311yl0v3u
Kyverno has unrestricted outbound requests in Kyverno apiCall enabling SSRF High
GHSA-qr4g-8hrp-c4rw was published for github.com/kyverno/kyverno (Go) Apr 14, 2026
Credited to scumfrog
Multiple security fixes in justhtml Low
GHSA-4p64-v8f5-r2gx was published for justhtml (pip) Apr 14, 2026
Credited to EmilStenstrom
Composer has a command injection via malicious perforce repository High
CVE-2026-40176 was published for composer/composer (Composer) Apr 14, 2026
Credited to glaubinix and Saku0512
October CMS has Stored XSS in Event Log Mail Preview Moderate
CVE-2026-24907 was published for october/system (Composer) Apr 14, 2026
Credited to Neosprings and daftspunk
October CMS has Stored XSS in Backend Editor Markup Classes Moderate
CVE-2026-24906 was published for october/system (Composer) Apr 14, 2026
Credited to Neosprings and daftspunk
October Rain has a Twig Sandbox Bypass via Collection Methods Moderate
CVE-2026-22692 was published for october/rain (Composer) Apr 14, 2026
Credited to lukasz-rybak and daftspunk
Composer has a command injection via malicious perforce reference High
CVE-2026-40261 was published for composer/composer (Composer) Apr 14, 2026
Credited to kodareef5
URL Redirection to Untrusted Site ('Open Redirect') in @adonisjs/http-server Moderate
CVE-2026-40255 was published for @adonisjs/core (npm) Apr 14, 2026
Credited to thetutlage
free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions High
CVE-2026-40247 was published for github.com/free5gc/udr (Go) Apr 14, 2026
Credited to Giancannella and FrancescoDAlterio
free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions High
CVE-2026-40246 was published for github.com/free5gc/udr (Go) Apr 14, 2026
Credited to Giancannella and FrancescoDAlterio
free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication High
CVE-2026-40245 was published for github.com/free5gc/udr (Go) Apr 14, 2026
Credited to Giancannella and FrancescoDAlterio
ImageMagick has an off-by-one error in MSL decoder could result in crash Moderate
CVE-2026-40312 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
Credited to COCOP1l0t
ImageMagick has a heap-use-after-free via XMP profile could result in a crash when printing the values. Moderate
CVE-2026-40311 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
ImageMagick has a heap out-of-bounds write in JP2 encoder Moderate
CVE-2026-40310 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
Credited to jakelamberson
ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float Moderate
CVE-2026-40183 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
Credited to jakelamberson
ImageMagick has a heap buffer overflow (WRITE) in the YAML and JSON encoders. Moderate
CVE-2026-40169 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
Credited to zer0matt
ImageMagick has an out-of-bounds read in sample operation Moderate
CVE-2026-33905 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
Credited to shitianyu-2004
ImageMagick has a Stack Overflow via Recursive FX Expression Parsing Moderate
CVE-2026-33902 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
Credited to fumfel
gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall Moderate
GHSA-76hw-p97h-883f was published for gdown (pip) Apr 14, 2026
Credited to redyank, dyingman1, drkim-dev, and HiHyeonji
follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets Moderate
GHSA-r4q5-vmmm-2653 was published for follow-redirects (npm) Apr 14, 2026
Credited to Den-Sec
LDAP Injection in mitmproxy Moderate
GHSA-527g-3w9m-29hv was published for mitmproxy (pip) Apr 14, 2026
Credited to yueyueL and mhils
ProTip! Advisories are also available from the GraphQL API