GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
1,041 advisories
A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the...
Moderate | Unreviewed | CVE-2026-5538 was published Apr 5, 2026
A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the...
Moderate | Unreviewed | CVE-2026-5530 was published Apr 5, 2026
web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
Moderate | GHSA-5hr4-253g-cpx2 was published for web3 (pip) Apr 4, 2026
vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url`
Moderate | CVE-2026-34753 was published for vllm (pip) Apr 3, 2026
prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability...
Moderate | Unreviewed | CVE-2026-22662 was published Apr 3, 2026
A security vulnerability has been detected in mixelpixx Google-Research-MCP...
Moderate | Unreviewed | CVE-2026-5470 was published Apr 3, 2026
Microsoft Bing Elevation of Privilege Vulnerability
Moderate | Unreviewed | CVE-2026-32186 was published Apr 3, 2026
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the...
Moderate | Unreviewed | CVE-2026-5469 was published Apr 3, 2026
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
Moderate | CVE-2026-35540 was published for roundcube/roundcubemail (Composer) Apr 3, 2026
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function...
Moderate | Unreviewed | CVE-2026-5417 was published Apr 2, 2026
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function...
Moderate | Unreviewed | CVE-2026-5418 was published Apr 2, 2026
OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery
Moderate | GHSA-9q7v-8mr7-g23p was published for openclaw (npm) Apr 2, 2026
A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function...
Moderate | Unreviewed | CVE-2026-5346 was published Apr 2, 2026
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions...
Moderate | Unreviewed | CVE-2026-0688 was published Apr 2, 2026
SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6
Moderate | CVE-2026-34526 was published for sillytavern (npm) Apr 1, 2026
AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
Moderate | CVE-2026-34515 was published for aiohttp (pip) Apr 1, 2026
AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation
Moderate | CVE-2026-34740 was published for wwbn/avideo (Composer) Apr 1, 2026
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an...
Moderate | Unreviewed | CVE-2026-20041 was published Apr 1, 2026
Improper input validation in the gateway health check feature in Devolutions Server allows a low...
Moderate | Unreviewed | CVE-2026-4989 was published Apr 1, 2026
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document...
Moderate | Unreviewed | CVE-2026-0932 was published Apr 1, 2026
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an...
Moderate | Unreviewed | CVE-2026-5259 was published Apr 1, 2026
Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters
Moderate | GHSA-pqhr-mp3f-hrpp was published for nuxt-og-image (npm) Mar 31, 2026
A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the...
Moderate | Unreviewed | CVE-2026-5205 was published Mar 31, 2026
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal...
Moderate | Unreviewed | CVE-2026-34504 was published Mar 31, 2026
The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before...
Moderate | Unreviewed | CVE-2026-3881 was published Mar 31, 2026
ProTip! Advisories are also available from the GraphQL API