GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
113 advisories
TSPortal: Any user can forge self-deletion requests for any account
High, CVE-2026-29788 was published for miraheze/ts-portal (Composer) on Mar 27, 2026
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that...
Moderate, Unreviewed, CVE-2019-25596 was published on Mar 22, 2026
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
High, CVE-2026-2092 was published for org.keycloak:keycloak-saml-adapter-core (Maven) on Mar 18, 2026
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle...
Moderate, Unreviewed, CVE-2026-2454 was published on Mar 16, 2026
Mattermost fails to properly validate User-Agent header tokens
Moderate, CVE-2026-25783 was published for github.com/mattermost/mattermost-server (Go) on Mar 16, 2026
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing...
High, Unreviewed, CVE-2026-20074 was published on Mar 11, 2026
Improper validation of specified type of input in SQL Server allows an authorized attacker to...
High, Unreviewed, CVE-2026-26115 was published on Mar 10, 2026
Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock...
High, Unreviewed, CVE-2026-25179 was published on Mar 10, 2026
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator...
High, Unreviewed, CVE-2026-2004 was published on Feb 12, 2026
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few...
Moderate, Unreviewed, CVE-2026-2003 was published on Feb 12, 2026
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE)...
High, Unreviewed, CVE-2026-20119 was published on Feb 4, 2026
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to...
Critical, Unreviewed, CVE-2026-24307 was published on Jan 23, 2026
Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in
Moderate, CVE-2025-12689 was published for github.com/mattermost/mattermost-plugin-calls (Go) on Dec 17, 2025
Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection
Low, CVE-2025-13352 was published for github.com/mattermost/mattermost (Go) on Dec 17, 2025
An unauthorised attacker within bluetooth range may use an improper validation during the BLE...
Moderate, Unreviewed, CVE-2024-2105 was published on Dec 10, 2025
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could...
Moderate, Unreviewed, CVE-2025-32901 was published on Dec 5, 2025
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial...
Moderate, Unreviewed, CVE-2025-20756 was published on Dec 2, 2025
Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API
Moderate, CVE-2025-60633 was published for github.com/free5gc/openapi (Go) on Nov 24, 2025
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs...
Critical, Unreviewed, CVE-2025-12977 was published on Nov 24, 2025
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device...
High, Unreviewed, CVE-2025-41729 was published on Nov 24, 2025
The VAPIX API port.cgi did not have sufficient input validation, which may result in process...
Moderate, Unreviewed, CVE-2025-9524 was published on Nov 11, 2025
ACAP applications can gain elevated privileges due to improper input validation, potentially...
Moderate, Unreviewed, CVE-2025-6298 was published on Nov 11, 2025
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary...
Moderate, Unreviewed, CVE-2025-4645 was published on Nov 11, 2025
Improper validation of specified type of input in Windows Authentication Methods allows an...
High, Unreviewed, CVE-2025-59277 was published on Oct 14, 2025
Improper validation of specified type of input in Windows Authentication Methods allows an...
High, Unreviewed, CVE-2025-59278 was published on Oct 14, 2025