GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
11,776 advisories
Filter by severity
Diffusers: TOCTOU Trust Remote Code Bypass
High
CVE-2026-45804
was published
for
diffusers
(pip)
May 20, 2026
melange: Incomplete package integrity verification allows data section substitution
High
CVE-2026-54174
was published
for
chainguard.dev/apko
(Go)
Jul 10, 2026
Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE)
High
CVE-2026-6009
was published
for
net.sf.jasperreports:jasperreports
(Maven)
May 19, 2026
Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enabled is unset
High
GHSA-h4g2-xfmw-q2c9
was published
for
clauster
(pip)
Jul 10, 2026
mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment
High
GHSA-g5r6-gv6m-f5jv
was published
for
mcp-atlassian
(pip)
Jul 10, 2026
mcp-atlassian: Arbitrary server-side file read via attachment upload
High
GHSA-wm45-qh3g-v83f
was published
for
mcp-atlassian
(pip)
Jul 10, 2026
SafeInstall agent guard shell parsing can miss raw package execution
High
GHSA-xrmc-c5cg-rv7x
was published
for
safeinstall-cli
(npm)
Jul 10, 2026
NotrinosERP: Authenticated arbitrary file upload leads to remote code execution via HRM employee "Documents" (doc_file)
High
GHSA-qv4m-m73m-8hj7
was published
for
notrinos/notrinos-erp
(Composer)
Jul 10, 2026
BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py
High
CVE-2026-54071
was published
for
BabelDOC
(pip)
Jul 10, 2026
SiYuan: Stored XSS in Bazaar marketplace via package README event handlers
High
CVE-2026-54070
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Jul 10, 2026
Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)
High
CVE-2026-54063
was published
for
github.com/xuri/excelize/v2
(Go)
Jul 10, 2026
SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read), Incomplete fix of CVE-2026-41894
High
CVE-2026-54066
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Jul 10, 2026
Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
High
CVE-2026-45260
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
High
CVE-2026-5394
was published
for
pimcore/pimcore
(Composer)
May 28, 2026
Pimcore has a CustomReports Share Bypass
High
CVE-2026-45704
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
High
CVE-2026-45162
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
High
CVE-2026-44741
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
May 27, 2026
Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
High
CVE-2026-44739
was published
for
pimcore/pimcore
(Composer)
May 27, 2026
libp2p: CPU DoS via oversized IHAVE and IWANT control message arrays
High
CVE-2026-49866
was published
for
@libp2p/gossipsub
(npm)
Jul 10, 2026
Infinispan: Deserialization of untrusted data in the Hot Rod Java client via automatic byte-array deserialization
High
CVE-2016-0750
was published
for
org.infinispan:infinispan-core
(Maven)
May 13, 2022
ws: Memory exhaustion DoS from tiny fragments and data chunks
High
CVE-2026-48779
was published
for
ws
(npm)
Jun 15, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
High
CVE-2026-45674
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
golang.org/x/crypto: Invoking pathological RSA/DSA parameters may cause DoS
High
CVE-2026-39829
was published
for
golang.org/x/crypto
(Go)
Jun 25, 2026
Netty has Insufficient Bailiwick Validation for NS Records
High
CVE-2026-47691
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
High
CVE-2026-48006
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 11, 2026
ProTip!
Advisories are also available from the
GraphQL API