GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,212
Maven: 5,000+
npm: 5,000+
NuGet: 864
pip: 4,494
Pub: 12
RubyGems: 995
Rust: 1,186
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
152,675 advisories
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G...
Moderate. Unreviewed. CVE-2026-26945 was published on Mar 18, 2026.

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G...
Moderate. Unreviewed. CVE-2026-26948 was published on Mar 18, 2026.

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml...
Moderate. Unreviewed. CVE-2026-33003 was published on Mar 18, 2026.

The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate. Unreviewed. CVE-2026-2559 was published on Mar 18, 2026.

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field...
Moderate. Unreviewed. CVE-2026-2512 was published on Mar 18, 2026.

Avo has a XSS vulnerability on `return_to` param
Moderate. CVE-2026-33209 was published for avo (RubyGems) on Mar 18, 2026.

Zitadel is missing enforcement of organization scopes
Moderate. CVE-2026-33132 was published for github.com/zitadel/zitadel (Go) on Mar 18, 2026.

PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
Moderate. CVE-2026-33081 was published for github.com/pinchtab/pinchtab (Go) on Mar 18, 2026.

Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
Moderate. CVE-2026-33140 was published for pyspector (pip) on Mar 18, 2026.

h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read
Moderate. GHSA-wr4h-v87w-p3r7 was published for h3 (npm) on Mar 18, 2026.

h3 has an observable timing discrepancy in basic auth utils
Moderate. CVE-2026-33129 was published for h3 (npm) on Mar 18, 2026.

pypdf has inefficient decoding of array-based streams
Moderate. CVE-2026-33123 was published for pypdf (pip) on Mar 18, 2026.

The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class
Moderate. CVE-2026-1323 was published for cpsit/typo3-mailqueue (Composer) on Mar 18, 2026.

Cross-Site Scripting (XSS) via SVG Schema innerHTML Injection in @pdfme/schemas
Moderate. GHSA-87v3-4cfp-cm76 was published for @pdfme/schemas (npm) on Mar 18, 2026.

Cross-Site Scripting (XSS) via Select Schema Option Value Injection in @pdfme/schemas
Moderate. GHSA-qq9g-96v4-m3cj was published for @pdfme/schemas (npm) on Mar 18, 2026.

SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata
Moderate. CVE-2026-33067 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 18, 2026.

SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Moderate. CVE-2026-33066 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 18, 2026.

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks
Moderate. CVE-2026-33060 was published for @aborruso/ckan-mcp-server (npm) on Mar 18, 2026.

File Browser has an Authorization Policy Bypass in Public Share Download Flow
Moderate. CVE-2026-32761 was published for https://github.com/filebrowser/filebrowser (Go) on Mar 18, 2026.

Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121
Moderate. GHSA-594f-3595-c47v was published for github.com/argoproj-labs/terraform-provider-argocd (Go) on Mar 18, 2026.

Craft CMS Vulnerable to Stored XSS in Revision Context Menu
Moderate. CVE-2026-33051 was published for craftcms/cms (Composer) on Mar 18, 2026.

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
Moderate. Unreviewed. CVE-2026-33265 was published on Mar 18, 2026.

beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL parameter in email builder...
Moderate. Unreviewed. CVE-2025-12518 was published on Mar 18, 2026.

Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting...
Moderate. Unreviewed. CVE-2026-32565 was published on Mar 18, 2026.

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data...
Moderate. Unreviewed. CVE-2026-1217 was published on Mar 18, 2026.
ProTip! Advisories are also available from the GraphQL API.