Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,518
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,758
Pub
13
RubyGems
1,036
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28,962 advisories

Loading
Defense in Depth update for NuGet Client Low
GHSA-g4vj-cjjj-v7hg was published for NuGet.CommandLine (NuGet) Apr 14, 2026
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem High
GHSA-2x79-gwq3-vxxm was published for iodine (RubyGems) Apr 14, 2026
michaelknap Credited to michaelknap
Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing High
CVE-2026-2332 was published for org.eclipse.jetty:jetty-http (Maven) Apr 14, 2026
xclow3n Credited to xclow3n
MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads High
GHSA-hv4r-mvr4-25vw was published for github.com/minio/minio (Go) Apr 14, 2026
ddd Credited to ddd, harshavardhana, and donatello harshavardhana harshavardhana
donatello donatello
Kiota: Code Generation Literal Injection High
GHSA-2hx3-vp6r-mg3f was published for kiota (NuGet) Apr 14, 2026
baywet Credited to baywet and gavinbarron gavinbarron gavinbarron
pyLoad's Session Not Invalidated After Permission Changes Low
GHSA-fj52-5g4h-gmq8 was published for pyload-ng (pip) Apr 14, 2026
PinkDraconian Credited to PinkDraconian
pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) High
GHSA-66hx-chf7-3332 was published for pyload-ng (pip) Apr 14, 2026
komi22 Credited to komi22
Craft CMS has a host header injection leading to SSRF via resource-js endpoint Moderate
GHSA-95wr-3f2v-v2wh was published for craftcms/cms (Composer) Apr 14, 2026
HuajiHD Credited to HuajiHD
Server-Side Request Forgery (SSRF) in Craft CMS with Asset Uploads Mutations Moderate
GHSA-3m9m-24vh-39wx was published for craftcms/cms (Composer) Apr 14, 2026
r3dbrothers Credited to r3dbrothers
Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action Moderate
GHSA-jq2f-59pj-p3m3 was published for craftcms/cms (Composer) Apr 14, 2026
kaminuma Credited to kaminuma
OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses Low
GHSA-hw5x-4r37-72w7 was published for github.com/opentofu/opentofu (Go) Apr 14, 2026
DotNetNuke.Core security code analysis rules triggered Low
GHSA-fcpv-w245-r2q7 was published for DotNetNuke.Core (NuGet) Apr 14, 2026
bdukes Credited to bdukes and valadas valadas valadas
frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control Moderate
GHSA-pq96-pwvg-vrr9 was published for github.com/fatedier/frp (Go) Apr 14, 2026
0wnerDied Credited to 0wnerDied
ImageMagick has a memory leak in PNG encoder when writing a MNG image Low
GHSA-x928-4434-crqj was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
ylwango613 Credited to ylwango613
ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts Low
GHSA-pmpg-6pww-fg6q was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
ylwango613 Credited to ylwango613
ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value Low
GHSA-8vfj-q2cp-5m5j was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
e1abrador Credited to e1abrador
ImageMagick has has a stack-buffer-overflow in MNG encoder with oversized pallete Moderate
GHSA-98cp-rj9f-6v5g was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
unbengable12 Credited to unbengable12
ImageMagick has has an off-by-one origin validation in allows out-of-bounds read in morphology processing Low
GHSA-q8h3-jv9v-57qx was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
shitianyu-2004 Credited to shitianyu-2004
ImageMagick has a heap-buffer-overflow in FTXT encoder Low
GHSA-w54j-7wpm-crhj was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 14, 2026
unbengable12 Credited to unbengable12
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability Low
CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Low
CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability Low
CVE-2026-32178 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Apr 14, 2026
WWBN AVideo has an incomplete fix for CVE-2026-33502: Command Injection High
GHSA-pq8p-wc4f-vg7j was published for wwbn/avideo (Composer) Apr 14, 2026
WWBN AVideo has an incomplete fix for CVE-2026-33500: XSS Moderate
GHSA-m7r8-6q9j-m2hc was published for wwbn/avideo (Composer) Apr 14, 2026
WWBN AVideo has an Incomplete fix: Directory traversal bypass via query string in ReceiveImage downloadURL parameters Moderate
GHSA-m63r-m9jh-3vc6 was published for wwbn/avideo (Composer) Apr 14, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database