Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

4,194 advisories

Loading
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element... Low Unreviewed
CVE-2026-7732 was published May 4, 2026
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService:... Moderate Unreviewed
CVE-2026-7733 was published May 4, 2026
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file... Moderate Unreviewed
CVE-2026-7711 was published May 4, 2026
A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance... Low Unreviewed
CVE-2026-7696 was published May 3, 2026
A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code... Low Unreviewed
CVE-2026-7673 was published May 3, 2026
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute... High Unreviewed
CVE-2026-37526 was published May 1, 2026
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the... Low Unreviewed
CVE-2026-7578 was published May 1, 2026
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i... Moderate Unreviewed
CVE-2026-2311 was published May 1, 2026
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the... Low Unreviewed
CVE-2026-7393 was published Apr 29, 2026
A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file ... Moderate Unreviewed
CVE-2025-9772 was published Apr 29, 2026
FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field Moderate
CVE-2026-32699 was published for facturascripts/facturascripts (Composer) Apr 28, 2026
TurkiOS Credited to TurkiOS
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically... High Unreviewed
CVE-2026-5780 was published Apr 28, 2026
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically... Critical Unreviewed
CVE-2026-5779 was published Apr 28, 2026
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the... Moderate Unreviewed
CVE-2026-7238 was published Apr 28, 2026
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from... Moderate Unreviewed
CVE-2026-40966 was published Apr 28, 2026
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an... Moderate Unreviewed
CVE-2026-7134 was published Apr 27, 2026
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts... Moderate Unreviewed
CVE-2026-7133 was published Apr 27, 2026
A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted... Moderate Unreviewed
CVE-2026-7107 was published Apr 27, 2026
A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of... Moderate Unreviewed
CVE-2026-7043 was published Apr 27, 2026
A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file ... Moderate Unreviewed
CVE-2026-7044 was published Apr 27, 2026
OpenClaw: Paired-device pairing actions were not limited to the caller device Low
GHSA-xrq9-jm7v-g9h7 was published for openclaw (npm) Apr 25, 2026
Hinotoi-agent Credited to Hinotoi-agent
In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution... Moderate Unreviewed
CVE-2025-59308 was published Apr 24, 2026
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low... Moderate Unreviewed
CVE-2025-67259 was published Apr 24, 2026
Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources High
GHSA-qc5p-3mg5-9fh8 was published for avo (RubyGems) Apr 24, 2026
xIllunight Credited to xIllunight
In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the... Moderate Unreviewed
CVE-2026-29197 was published Apr 24, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database