Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

27,184 advisories

Loading
Gokapi vulnerable to Privilege Escalation in File Replace Moderate
CVE-2026-30943 was published for github.com/forceu/gokapi (Go) Mar 13, 2026
Sijisu Credited to Sijisu, aisafe-bot, and Forceu aisafe-bot aisafe-bot
Forceu Forceu
Gokapi vulnerable to DoS in E2E Metadata Parser Moderate
CVE-2026-30955 was published for github.com/forceu/gokapi (Go) Mar 13, 2026
Sijisu Credited to Sijisu, Forceu, and aisafe-bot Forceu Forceu
aisafe-bot aisafe-bot
Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload Moderate
CVE-2026-30961 was published for github.com/forceu/gokapi (Go) Mar 13, 2026
Sijisu Credited to Sijisu, aisafe-bot, and Forceu aisafe-bot aisafe-bot
Forceu Forceu
Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter Moderate
CVE-2026-26186 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
fuzzztf Credited to fuzzztf
SAML authentication bypass due to missing validation on unsigned SAML messages Critical
GHSA-hx5q-v6pj-533r was published for com.linecorp.centraldogma:centraldogma-server-auth-saml (Maven) Feb 26, 2024
lishiki Credited to lishiki
Kirby vulnerable to unrestricted file upload of user avatar images Moderate
CVE-2024-26483 was published for getkirby/cms (Composer) Feb 26, 2024
PlyNatwara Credited to PlyNatwara
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages Critical
CVE-2024-1735 was published for com.linecorp.armeria:armeria-saml (Maven) Feb 26, 2024
lishiki Credited to lishiki
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
orjson does not limit recursion for deeply nested JSON documents High
CVE-2024-27454 was published for orjson (pip) Feb 26, 2024
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` Low
CVE-2024-27088 was published for es5-ext (npm) Feb 26, 2024
GAP-dev Credited to GAP-dev and SCH227 SCH227 SCH227
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) High
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024
bruno-1337 Credited to bruno-1337
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
byroot Credited to byroot
Apache James MIME4J improper input validation vulnerability Moderate
CVE-2024-21742 was published for org.apache.james:apache-mime4j-core (Maven) Feb 27, 2024
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field Moderate
CVE-2024-26481 was published for getkirby/cms (Composer) Feb 26, 2024
PlyNatwara Credited to PlyNatwara
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type Moderate
CVE-2024-27087 was published for getkirby/cms (Composer) Feb 26, 2024
PlyNatwara Credited to PlyNatwara
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials Critical
CVE-2024-25124 was published for github.com/gofiber/fiber/v2 (Go) Feb 22, 2024
gaby Credited to gaby, sixcolors, and ReneWerner87 sixcolors sixcolors
ReneWerner87 ReneWerner87
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions Moderate
CVE-2024-26267 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel Moderate
CVE-2024-25150 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API Moderate
CVE-2024-25605 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes Moderate
CVE-2024-25609 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi Credited to microstudi, alecslupu, and andreslucena alecslupu alecslupu
andreslucena andreslucena
Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page Moderate
CVE-2023-44308 was published for com.liferay:com.liferay.adaptive.media.web (Maven) Feb 20, 2024
Duplicate Advisory: Keycloak DoS via account lockout Low
GHSA-3hrr-xwvg-hxvr was published for org.keycloak:keycloak-core (Maven) Feb 29, 2024 withdrawn
codespearhead Credited to codespearhead
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database