GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 49
  GitHub Actions: 50
  Go: 3,615
  Maven: 5,000+
  npm: 5,000+
  NuGet: 925
  pip: 4,835
  Pub: 13
  RubyGems: 1,045
  Rust: 1,256
  Swift: 53

Unreviewed advisories:
  All unreviewed: 5,000+

329,212 advisories in total; the most recently published appear below.
CVE-2026-5175 | Moderate | Unreviewed | published Apr 1, 2026
  Improper access control in the multi-factor authentication (MFA) management API in Devolutions...

CVE-2026-30273 | High | Unreviewed | published Apr 1, 2026
  pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent...

CVE-2024-40489 | Critical | Unreviewed | published Apr 1, 2026
  There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character...

CVE-2026-4927 | Moderate | Unreviewed | published Apr 1, 2026
  Exposure of sensitive information in the users MFA feature in Devolutions Server allows users...

CVE-2026-25834 | Moderate | Unreviewed | published Apr 1, 2026
  Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

CVE-2026-29598 | Moderate | Unreviewed | published Apr 1, 2026
  Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of...

CVE-2026-30291 | High | Unreviewed | published Apr 1, 2026
  An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5...

CVE-2026-5281 | High | Unreviewed | published Apr 1, 2026
  Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had...

CVE-2026-34447 | Moderate | GitHub reviewed | onnx (pip) | published Apr 1, 2026
  ONNX: External Data Symlink Traversal

CVE-2026-34446 | Moderate | GitHub reviewed | onnx (pip) | published Apr 1, 2026
  ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load

GHSA-c65f-x25w-62jv | Moderate | GitHub reviewed | openssl-encrypt (pip) | published Apr 1, 2026
  openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers

GHSA-4rh7-jwg9-m28m | Moderate | GitHub reviewed | openssl-encrypt (pip) | published Apr 1, 2026
  openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage

GHSA-2vhw-q7vh-7xv2 | Moderate | GitHub reviewed | openssl-encrypt (pip) | published Apr 1, 2026
  openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers

GHSA-hvc7-763r-4f3h | Moderate | GitHub reviewed | openssl-encrypt (pip) | published Apr 1, 2026
  openssl-encrypt has no owner verification on key revocation — any client can revoke any key

GHSA-8h88-gxp3-j7pg | Moderate | GitHub reviewed | openssl-encrypt (pip) | published Apr 1, 2026
  openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys

CVE-2026-34445 | High | GitHub reviewed | onnx (pip) | published Apr 1, 2026
  ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

CVE-2026-34733 | Moderate | GitHub reviewed | wwbn/avideo (Composer) | published Apr 1, 2026
  AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

CVE-2026-34732 | Moderate | GitHub reviewed | wwbn/avideo (Composer) | published Apr 1, 2026
  AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

CVE-2026-34731 | High | GitHub reviewed | wwbn/avideo (Composer) | published Apr 1, 2026
  AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php

GHSA-rxmp-8h9v-56cx | Moderate | GitHub reviewed | github.com/netbirdio/netbird (Go) | published Apr 1, 2026
  NetBird has Race Condition on UpdateUser Function, Resulting in Privilege Escalation From Admin to Owner

CVE-2026-34716 | Moderate | GitHub reviewed | wwbn/avideo (Composer) | published Apr 1, 2026
  AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification

CVE-2026-34613 | Moderate | GitHub reviewed | wwbn/avideo (Composer) | published Apr 1, 2026
  AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

GHSA-5qvp-pr9f-2g2v | Moderate | GitHub reviewed | poetry-plugin-tweak-dependencies-version (pip) | published Apr 1, 2026
  poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645

CVE-2026-34611 | Moderate | GitHub reviewed | wwbn/avideo (Composer) | published Apr 1, 2026
  AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users

GHSA-qc22-xmq4-qg46 | Moderate | GitHub reviewed | c2cciutils (pip) | published Apr 1, 2026
  c2cciutils affected by CVE-2022-40896
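The openssl-encrypt advisory above (GHSA-c65f-x25w-62jv) names a configuration pattern that is worth seeing next to its fix: a CORS policy that allows every origin while also allowing credentials. The following is an added example, not code from openssl-encrypt or from GitHub. It models the weak setting beside an explicit allowlist, and applies the check a browser performs before exposing a credentialed response. The policy class, the origins, and the assumption that a wildcard-plus-credentials middleware reflects the caller's Origin (a browser rejects a literal "*" with credentials, so middlewares that want the combination to "work" echo the Origin instead) are assumptions of the example, not facts about the project's servers.

```python
"""Added example, not code from openssl-encrypt or GitHub: a model of the weak
CORS setting in GHSA-c65f-x25w-62jv (wildcard origin + allow_credentials=True)
beside an explicit allowlist, plus the browser-side check for credentialed
responses. Policy shape, origins and reflection behaviour are assumptions."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class CorsPolicy:
    allow_origins: tuple[str, ...]
    allow_credentials: bool = False

    def response_headers(self, request_origin: str) -> dict[str, str]:
        """CORS headers a middleware would attach for a request from request_origin.

        Assumed behaviour: a wildcard policy with credentials enabled cannot emit
        "*" (browsers reject "*" together with credentials), so the middleware
        echoes the caller's Origin. That echo is the defect: every origin on the
        web becomes a trusted, cookie-bearing caller.
        """
        headers: dict[str, str] = {}
        if "*" in self.allow_origins:
            if self.allow_credentials:
                headers["Access-Control-Allow-Origin"] = request_origin  # reflected
                headers["Access-Control-Allow-Credentials"] = "true"
                headers["Vary"] = "Origin"
            else:
                headers["Access-Control-Allow-Origin"] = "*"
        elif request_origin in self.allow_origins:
            headers["Access-Control-Allow-Origin"] = request_origin
            headers["Vary"] = "Origin"
            if self.allow_credentials:
                headers["Access-Control-Allow-Credentials"] = "true"
        # An origin not on the allowlist gets no CORS headers at all.
        return headers


def browser_exposes_credentialed_response(headers: dict[str, str], origin: str) -> bool:
    """The check a browser applies to the response of a credentialed request
    (fetch(..., credentials="include")): Access-Control-Allow-Origin must equal
    the requesting origin exactly (a literal "*" fails) and credentials must be
    explicitly allowed."""
    return (
        headers.get("Access-Control-Allow-Origin") == origin
        and headers.get("Access-Control-Allow-Credentials") == "true"
    )


def lint_policy(policy: CorsPolicy) -> list[str]:
    """Static findings a reviewer would raise against the configuration."""
    findings = []
    if "*" in policy.allow_origins and policy.allow_credentials:
        findings.append("wildcard origin with allow_credentials=True: any site can make credentialed requests")
    if "null" in policy.allow_origins:
        findings.append("'null' origin allowed: sandboxed iframes and file:// pages match it")
    return findings


# Weak configuration (the shape the advisory names) and a hardened one.
WEAK = CorsPolicy(allow_origins=("*",), allow_credentials=True)
HARDENED = CorsPolicy(allow_origins=("https://app.example",), allow_credentials=True)

ATTACKER = "https://attacker.example"  # assumed origins for the demonstration
TRUSTED = "https://app.example"


def main() -> None:
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        for origin in (ATTACKER, TRUSTED):
            ok = browser_exposes_credentialed_response(policy.response_headers(origin), origin)
            print(f"{name:9} {origin:26} credentialed read allowed: {ok}")
    print("lint(WEAK):", lint_policy(WEAK))


if __name__ == "__main__":
    main()
```

Under the weak policy the attacker origin passes the browser's check exactly as the trusted one does, because the server handed it back its own Origin; under the allowlist the attacker origin receives no CORS headers and the browser withholds the response. The fix is the allowlist, not removing credentials: an API that needs cookies or an Authorization header across origins must name the origins it trusts.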
Advisories are also available from the GraphQL API.
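As an added example of that API (not GitHub's own code or documentation), the block below builds a query against the securityVulnerabilities connection, parses one page of the response into a flat record per vulnerability, and filters by severity. Only fetch_page() touches the network and needs a token; parse_page() and at_least() run offline against SAMPLE_RESPONSE, which is constructed for this example: its GHSA and CVE identifiers, summaries and version ranges are placeholders, not real advisories.

```python
"""Added example, not GitHub's code: query, parser and severity filter for the
securityVulnerabilities connection of the GitHub GraphQL API. SAMPLE_RESPONSE
is constructed; its identifiers and version ranges are placeholders."""
from __future__ import annotations

import json
import urllib.request
from dataclasses import dataclass

GITHUB_GRAPHQL = "https://api.github.com/graphql"

# Field names follow the public schema: the connection is keyed by ecosystem
# (SecurityAdvisoryEcosystem enum: PIP, NPM, GO, COMPOSER, ...) and package
# name, and each node links to its advisory.
QUERY = """
query($ecosystem: SecurityAdvisoryEcosystem!, $package: String!, $first: Int!, $after: String) {
  securityVulnerabilities(ecosystem: $ecosystem, package: $package, first: $first, after: $after) {
    pageInfo { hasNextPage endCursor }
    nodes {
      severity
      vulnerableVersionRange
      firstPatchedVersion { identifier }
      advisory { ghsaId summary publishedAt identifiers { type value } }
    }
  }
}
"""

SEVERITY_RANK = {"LOW": 0, "MODERATE": 1, "HIGH": 2, "CRITICAL": 3}


@dataclass(frozen=True)
class Vulnerability:
    ghsa_id: str
    cve_id: str | None
    severity: str
    summary: str
    vulnerable_range: str
    first_patched: str | None
    published_at: str


def fetch_page(token: str, ecosystem: str, package: str,
               after: str | None = None, first: int = 100) -> dict:
    """One page from the live API (network call; not exercised offline)."""
    body = json.dumps({"query": QUERY, "variables": {
        "ecosystem": ecosystem, "package": package, "first": first, "after": after}}).encode()
    req = urllib.request.Request(GITHUB_GRAPHQL, data=body, method="POST", headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def parse_page(response: dict) -> tuple[list[Vulnerability], str | None]:
    """Flatten one response page; returns (vulnerabilities, next_cursor).

    GraphQL reports failures in an 'errors' array alongside HTTP 200, so the
    body must be checked rather than the status code."""
    if response.get("errors"):
        raise RuntimeError(f"GraphQL errors: {response['errors']}")
    conn = response["data"]["securityVulnerabilities"]
    out = []
    for node in conn["nodes"]:
        adv = node["advisory"]
        cve = next((i["value"] for i in adv["identifiers"] if i["type"] == "CVE"), None)
        patched = node["firstPatchedVersion"]  # null when no fix is released
        out.append(Vulnerability(
            ghsa_id=adv["ghsaId"], cve_id=cve, severity=node["severity"],
            summary=adv["summary"], vulnerable_range=node["vulnerableVersionRange"],
            first_patched=patched["identifier"] if patched else None,
            published_at=adv["publishedAt"]))
    info = conn["pageInfo"]
    return out, (info["endCursor"] if info["hasNextPage"] else None)


def at_least(vulns: list[Vulnerability], severity: str) -> list[Vulnerability]:
    """Keep vulnerabilities whose severity is at or above the given floor."""
    floor = SEVERITY_RANK[severity]
    return [v for v in vulns if SEVERITY_RANK[v.severity] >= floor]


# Constructed sample of the response shape; identifiers and ranges are placeholders.
SAMPLE_RESPONSE = {"data": {"securityVulnerabilities": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"severity": "HIGH", "vulnerableVersionRange": "< 1.2.0",
         "firstPatchedVersion": {"identifier": "1.2.0"},
         "advisory": {"ghsaId": "GHSA-0000-0000-0001", "summary": "placeholder: path traversal",
                      "publishedAt": "2026-04-01T00:00:00Z",
                      "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0001"},
                                      {"type": "CVE", "value": "CVE-0000-00001"}]}},
        {"severity": "MODERATE", "vulnerableVersionRange": "<= 1.1.9",
         "firstPatchedVersion": None,
         "advisory": {"ghsaId": "GHSA-0000-0000-0002", "summary": "placeholder: info leak",
                      "publishedAt": "2026-04-01T00:00:00Z",
                      "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0002"}]}},
    ]}}}


if __name__ == "__main__":
    vulns, _cursor = parse_page(SAMPLE_RESPONSE)
    for v in at_least(vulns, "HIGH"):
        print(v.ghsa_id, v.cve_id, v.severity, v.vulnerable_range, "->", v.first_patched)
```

To walk a real package, loop on fetch_page() while parse_page() returns a cursor; the token needs no special scope for public advisories. Note that firstPatchedVersion is null for advisories with no released fix, which is the case to surface first when triaging.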