GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
6,167 advisories
Filter by severity
Webauthn: SimpleFakeCredentialGenerator with an empty secret produces predictable fake credentials, weakening username enumeration protection
Low
GHSA-gq4g-fpc9-vjfq
was published
for
web-auth/webauthn-lib
(Composer)
Jul 7, 2026
EGroupware Vulnerable to Local File Inclusion via file:// URI in Mail Compose
Moderate
CVE-2026-45016
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2026
EGroupware has Authenticated RCE via Malicious eTemplate Upload
High
CVE-2026-40187
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2026
EGroupware has a Remote Code Execution Vulnerability
Critical
CVE-2026-27823
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2026
Craft CMS: Potential authenticated Remote Code Execution via referrer redirect
High
CVE-2026-55794
was published
for
craftcms/cms
(Composer)
Jul 6, 2026
Craft CMS: Stored XSS via Structure entry title in table view
Moderate
CVE-2026-55793
was published
for
craftcms/cms
(Composer)
Jul 6, 2026
Craft CMS: Sensitive File Disclosure / Server-Side File Read
Moderate
CVE-2026-55792
was published
for
craftcms/cms
(Composer)
Jul 6, 2026
Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget
High
CVE-2026-55790
was published
for
craftcms/cms
(Composer)
Jul 6, 2026
Craft CMS: Authenticated "assets/preview-thumb" discloses signed fallback transform preview link to CP users without asset-view permission
Moderate
GHSA-x76w-8c62-48mg
was published
for
craftcms/cms
(Composer)
Jul 6, 2026
Formie Hidden field defaults vulnerable to Server-Side Template Injection
Critical
CVE-2026-52889
was published
for
verbb/formie
(Composer)
Jul 6, 2026
SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`
High
CVE-2026-49284
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jul 2, 2026
Kimai Favorite Timesheet Add and Remove Endpoints Allows Cross-User Bookmark Manipulation
Low
GHSA-j5mc-p8qg-39j7
was published
for
kimai/kimai
(Composer)
Jul 2, 2026
SimpleSAMLphp has Possible DoS via XPath Transform
High
CVE-2026-49289
was published
for
simplesamlphp/saml2
(Composer)
Jul 2, 2026
SimpleSAMLphp HTTP-Artifact TLS validator confusion allows cross-IdP authentication bypass
High
CVE-2026-49283
was published
for
simplesamlphp/saml2
(Composer)
Jul 2, 2026
Craft CMS Vulnerable to Unauthorized Deletion of Destination Folders During Forced Moves
High
CVE-2026-50282
was published
for
craftcms/cms
(Composer)
Jul 2, 2026
Craft CMS's mass assignment via id in newAttributes during bulk duplicate overwrites existing elements
High
CVE-2026-50281
was published
for
craftcms/cms
(Composer)
Jul 2, 2026
Mautic has Stored Cross-Site Scripting (XSS) in Project Option Selector
Moderate
CVE-2026-9811
was published
for
mautic/core
(Composer)
Jul 2, 2026
Mautic has Stored Cross-Site Scripting (XSS) in Projects Component
High
CVE-2026-9809
was published
for
mautic/core
(Composer)
Jul 2, 2026
Mautic has an Authorization Bypass in API v2 Endpoints
High
CVE-2026-9808
was published
for
mautic/core
(Composer)
Jul 2, 2026
Mautic vulnerable to Path Traversal via Campaign Import
Critical
CVE-2026-9559
was published
for
mautic/core
(Composer)
Jul 2, 2026
Mautic has Server-Side Template Injection (SSTI) in Theme Templates
Critical
CVE-2026-9558
was published
for
mautic/core
(Composer)
Jul 2, 2026
Mautic Focus component Vulnerable to SSRF
Moderate
CVE-2026-9557
was published
for
mautic/core
(Composer)
Jul 2, 2026
Mautic has SQL Injection in API Contact Filtering
High
CVE-2026-4776
was published
for
mautic/core
(Composer)
Jul 2, 2026
Froxlor customer can create MySQL databases on disallowed servers via Mysqls.add API
Moderate
GHSA-q4rm-m6xh-5pv7
was published
for
froxlor/froxlor
(Composer)
Jul 2, 2026
Froxlor: Authenticated customers can read other customers' allowed sender aliases
Moderate
GHSA-mr9h-45p9-fg8h
was published
for
froxlor/froxlor
(Composer)
Jul 2, 2026
ProTip!
Advisories are also available from the
GraphQL API