GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,876
Maven: 5,000+
npm: 4,502
NuGet: 780
pip: 4,254
Pub: 12
RubyGems: 975
Rust: 1,100
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
312,936 advisories
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Moderate | CVE-2026-24473 was published for hono (npm) Jan 27, 2026

PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling
High | CVE-2026-24765 was published for phpunit/phpunit (Composer) Jan 27, 2026

gix-date can create non-utf8 string with `TimeBuf::as_str`
Moderate | CVE-2026-0810 was published for gix-date (Rust) Jan 5, 2026

Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str`
Moderate | GHSA-8rgq-m2pm-jvmg was published for gix-date (Rust) Jan 26, 2026 • withdrawn

Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Moderate | CVE-2026-24748 was published for github.com/akuity/kargo (Go) Jan 27, 2026

StudioCMS has Authorization Bypass Through User-Controlled Key
Moderate | CVE-2026-24134 was published for studiocms (npm) Jan 27, 2026

Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
Low | CVE-2026-1190 was published for org.keycloak:keycloak-services (Maven) Jan 26, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-24620 was published Jan 23, 2026

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia...
Moderate | Unreviewed | CVE-2026-22409 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-24584 was published Jan 23, 2026

The binary serving the web server and executing basically all actions launched from the Web UI is...
High | Unreviewed | CVE-2025-59106 was published Jan 26, 2026

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino...
Moderate | Unreviewed | CVE-2026-22411 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-22463 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2026-23976 was published Jan 22, 2026

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule...
Moderate | Unreviewed | CVE-2025-69315 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-22353 was published Jan 22, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-68906 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross...
Moderate | Unreviewed | CVE-2026-22483 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail...
Moderate | Unreviewed | CVE-2026-24521 was published Jan 23, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic...
Critical | Unreviewed | CVE-2025-68909 was published Jan 22, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-22470 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-24383 was published Jan 22, 2026

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly...
High | Unreviewed | CVE-2025-69313 was published Jan 22, 2026

Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for...
Moderate | Unreviewed | CVE-2026-22462 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-69321 was published Jan 22, 2026
ProTip! Advisories are also available from the GraphQL API.