GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 49; GitHub Actions 49; Go 3,518; Maven 5,000+; npm 5,000+; NuGet 911; pip 4,758; Pub 13; RubyGems 1,036; Rust 1,228; Swift 53
Unreviewed advisories: All unreviewed 5,000+
29,632 advisories

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation...
Critical (Unreviewed): CVE-2026-27304 was published Apr 15, 2026

Oxia has an OIDC token audience validation bypass via SkipClientIDCheck
Critical: GHSA-fhvp-9hcj-6m33 was published for github.com/oxia-db/oxia (Go) Apr 14, 2026

WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks
Critical: GHSA-gph2-j4c9-vhhr was published for wwbn/avideo (Composer) Apr 14, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in @vendure/core
Critical: GHSA-9pp3-53p2-ww9v was published for @vendure/core (npm) Apr 14, 2026

Expression Injection in OpenRemote
Critical: CVE-2026-39842 was published for io.openremote:openremote-manager (Maven) Apr 14, 2026

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode
Critical: CVE-2026-34457 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Apr 14, 2026

Empty-username SFTP password authentication bypass in goshs
Critical: GHSA-c29w-qq4m-2gcv was published for github.com/patrickhener/goshs (Go) Apr 14, 2026

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on...
Critical (Unreviewed): CVE-2026-5752 was published Apr 14, 2026

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
Critical (Unreviewed): CVE-2026-33824 was published Apr 14, 2026

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted...
Critical (Unreviewed): CVE-2026-34615 was published Apr 14, 2026

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting...
Critical (Unreviewed): CVE-2026-27246 was published Apr 14, 2026

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting...
Critical (Unreviewed): CVE-2026-27243 was published Apr 14, 2026

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting...
Critical (Unreviewed): CVE-2026-27245 was published Apr 14, 2026

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted...
Critical (Unreviewed): CVE-2026-27303 was published Apr 14, 2026

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an...
Critical (Unreviewed): CVE-2026-26149 was published Apr 14, 2026

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5,...
Critical (Unreviewed): CVE-2026-39813 was published Apr 14, 2026

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of...
Critical (Unreviewed): CVE-2026-38526 was published Apr 14, 2026

An improper neutralization of special elements used in an os command ('os command injection')...
Critical (Unreviewed): CVE-2026-39808 was published Apr 14, 2026

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability...
Critical (Unreviewed): CVE-2025-65135 was published Apr 14, 2026

Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store...
Critical (Unreviewed): CVE-2025-63939 was published Apr 14, 2026

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has...
Critical (Unreviewed): CVE-2025-8095 was published Apr 14, 2026

Improper neutralization of argument delimiters in a command ('argument injection') vulnerability...
Critical (Unreviewed): CVE-2026-2449 was published Apr 14, 2026

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing...
Critical (Unreviewed): CVE-2026-4365 was published Apr 14, 2026

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote...
Critical (Unreviewed): CVE-2026-6264 was published Apr 14, 2026

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP...
Critical (Unreviewed): CVE-2026-27681 was published Apr 14, 2026

ProTip! Advisories are also available from the GraphQL API