Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,585
Maven
5,000+
npm
5,000+
NuGet
923
pip
4,817
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

4,170 advisories

Loading
In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the... Unknown Unreviewed
CVE-2026-29197 was published Apr 24, 2026
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate... Critical Unreviewed
CVE-2026-24303 was published Apr 24, 2026
OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment High
CVE-2026-41900 was published for openlearnx (npm) Apr 23, 2026
krraze Credited to krraze and Stalin-143 Stalin-143 Stalin-143
Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers High
CVE-2026-33318 was published for @actual-app/sync-server (npm) Apr 23, 2026
Rex50527 Credited to Rex50527
@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call High
CVE-2026-41641 was published for @nocobase/plugin-collection-sql (npm) Apr 22, 2026
p80n-sec Credited to p80n-sec
Nuclei: Local File Read via require() Module Loader Bypass Moderate
CVE-2026-41646 was published for github.com/projectdiscovery/nuclei/v3 (Go) Apr 22, 2026
AkashHamal0x01 Credited to AkashHamal0x01
OpenRemote has Improper Access Control via updateUserRealmRoles function High
CVE-2026-41166 was published for io.openremote:openremote-manager (Maven) Apr 22, 2026
KKC73 Credited to KKC73
Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="... High Unreviewed
CVE-2026-22754 was published Apr 22, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Moderate Unreviewed
CVE-2026-35247 was published Apr 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Low Unreviewed
CVE-2026-35250 was published Apr 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... High Unreviewed
CVE-2026-35251 was published Apr 21, 2026
Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications ... Moderate Unreviewed
CVE-2026-34323 was published Apr 21, 2026
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of... Moderate Unreviewed
CVE-2026-34325 was published Apr 21, 2026
Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications ... Moderate Unreviewed
CVE-2026-34324 was published Apr 21, 2026
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion... High Unreviewed
CVE-2026-35243 was published Apr 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... High Unreviewed
CVE-2026-35246 was published Apr 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... High Unreviewed
CVE-2026-35245 was published Apr 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Moderate Unreviewed
CVE-2026-35248 was published Apr 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Low Unreviewed
CVE-2026-35249 was published Apr 21, 2026
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C... Moderate Unreviewed
CVE-2026-35252 was published Apr 21, 2026
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported... Moderate Unreviewed
CVE-2026-35235 was published Apr 21, 2026
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported... Moderate Unreviewed
CVE-2026-35239 was published Apr 21, 2026
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Moderate Unreviewed
CVE-2026-35238 was published Apr 21, 2026
Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial... High Unreviewed
CVE-2026-35231 was published Apr 21, 2026
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are... High Unreviewed
CVE-2026-35229 was published Apr 21, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database