GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
158,557 advisories
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database...
Moderate | Unreviewed | CVE-2026-9100 was published May 20, 2026
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have...
Moderate | Unreviewed | CVE-2026-20206 was published May 20, 2026
Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not...
Moderate | Unreviewed | CVE-2026-9101 was published May 20, 2026
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform...
Moderate | Unreviewed | CVE-2026-20240 was published May 20, 2026
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin'...
Moderate | Unreviewed | CVE-2026-20238 was published May 20, 2026
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId...
Moderate | Unreviewed | CVE-2026-9087 was published May 20, 2026
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit...
Moderate | Unreviewed | CVE-2026-8486 was published May 20, 2026
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing...
Moderate | Unreviewed | CVE-2026-9084 was published May 20, 2026
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows...
Moderate | Unreviewed | CVE-2026-8487 was published May 20, 2026
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that...
Moderate | Unreviewed | CVE-2023-7346 was published May 20, 2026
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could...
Moderate | Unreviewed | CVE-2026-20199 was published May 20, 2026
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting,...
Moderate | Unreviewed | CVE-2026-4293 was published May 20, 2026
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit...
Moderate | Unreviewed | CVE-2026-8488 was published May 20, 2026
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco...
Moderate | Unreviewed | CVE-2026-20171 was published May 20, 2026
Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows
Moderate | GHSA-c2c9-mfw7-p8hw was published for flowise (npm) May 20, 2026
Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
Moderate | GHSA-59fh-9f3p-7m39 was published for flowise (npm) May 20, 2026
Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage
Moderate | GHSA-m837-xvxr-vqwg was published for flowise (npm) May 20, 2026
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows...
Moderate | Unreviewed | CVE-2026-8485 was published May 20, 2026
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad...
Moderate | Unreviewed | CVE-2026-5950 was published May 20, 2026
The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain...
Moderate | Unreviewed | CVE-2026-21836 was published May 20, 2026
Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop...
Moderate | Unreviewed | CVE-2026-45443 was published May 20, 2026
Microsoft Defender Denial of Service Vulnerability
Moderate | Unreviewed | CVE-2026-45498 was published May 20, 2026
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-27405 was published May 20, 2026
BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a...
Moderate | Unreviewed | CVE-2026-3592 was published May 20, 2026
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows...
Moderate | Unreviewed | CVE-2026-27424 was published May 20, 2026