GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
347,788 advisories
Filter by severity
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
Low
CVE-2026-4874
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 26, 2026
MantisBT: Stored XSS in print_all_bug_page_word.php
High
CVE-2026-62944
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
GPTCache: File and image cache keys collide because BufferedReader.peek() only reads the buffered prefix
Low
CVE-2026-10812
was published
for
gptcache
(pip)
Jun 4, 2026
MantisBT: Injection of TIME_TRACKING and REMINDER Notes via REST and SOAP APIs
Moderate
CVE-2026-52883
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: SOAP API Authentication Bypass with Privilege Escalation to Administrator
Critical
CVE-2026-47156
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: REST and SOAP API Issue Update Accepts Unreleased Product Versions From Updaters
Moderate
CVE-2026-52882
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim
Low
CVE-2026-37977
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 6, 2026
MantisBT: Reflected XSS in admin/install.php via unescaped printf
Critical
CVE-2026-52881
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the...
High
Unreviewed
CVE-2023-4346
was published
Aug 29, 2023
Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session...
Critical
Unreviewed
CVE-2026-15747
was published
Jul 14, 2026
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File...
Critical
Unreviewed
CVE-2026-46817
was published
May 28, 2026
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
High
CVE-2026-0621
was published
for
@modelcontextprotocol/sdk
(npm)
Jan 5, 2026
BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability...
High
Unreviewed
CVE-2026-59255
was published
Jul 15, 2026
Pegatron `Tdelo64.sys` exposes a privileged device interface, `\\.\TdeIo`, that fails to properly...
Unknown
Unreviewed
CVE-2026-14961
was published
Jul 15, 2026
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment...
High
Unreviewed
CVE-2026-62389
was published
Jul 15, 2026
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform...
High
Unreviewed
CVE-2026-20296
was published
Jul 15, 2026
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code...
High
Unreviewed
CVE-2026-40501
was published
Jul 15, 2026
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud...
High
Unreviewed
CVE-2026-20297
was published
Jul 15, 2026
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\...
Unknown
Unreviewed
CVE-2026-14960
was published
Jul 15, 2026
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/...
High
Unreviewed
CVE-2026-59258
was published
Jul 15, 2026
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS...
High
Unreviewed
CVE-2026-20187
was published
Jul 15, 2026
Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure...
Moderate
Unreviewed
CVE-2026-56087
was published
Jul 15, 2026
GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information...
High
Unreviewed
CVE-2026-58658
was published
Jul 15, 2026
PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution...
High
Unreviewed
CVE-2026-58659
was published
Jul 15, 2026
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save() method (used by the...
High
Unreviewed
CVE-2026-58660
was published
Jul 15, 2026
ProTip!
Advisories are also available from the
GraphQL API