GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
26 advisories
Ech0 comment model's Email field returned on public /api/comments endpoints
Moderate | GHSA-rj4g-rqgh-rx9h was published for github.com/lin-snow/Ech0 (Go) | May 7, 2026
phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
Critical | GHSA-289f-fq7w-6q2w was published for phpmyfaq/phpmyfaq (Composer) | May 6, 2026
YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
High | CVE-2026-43938 was published for YAFNET.Core (NuGet) | May 5, 2026
Incus has Blind SSRF via Image Import Preflight HEAD
Moderate | CVE-2026-35527 was published for github.com/lxc/incus/v6/cmd/incusd (Go) | May 4, 2026
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
High | CVE-2026-33039 was published for wwbn/avideo (Composer) | Mar 17, 2026
esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route
High | CVE-2026-27730 was published for github.com/esm-dev/esm.sh (Go) | Feb 25, 2026
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This...
Moderate | Unreviewed | CVE-2025-0743 was published | Jan 30, 2025
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate | CVE-2025-23221 was published for @fedify/fedify (npm) | Jan 21, 2025
useragent Regular Expression Denial of Service vulnerability
Moderate | CVE-2020-26311 was published for useragent (npm) | Oct 26, 2024
The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to...
Moderate | Unreviewed | CVE-2018-25100 was published | Mar 24, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High | CVE-2024-28197 was published for github.com/zitadel/zitadel (Go) | Mar 11, 2024
An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1...
Moderate | Unreviewed | CVE-2023-45367 was published | Oct 9, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy...
Moderate | Unreviewed | CVE-2023-2490 was published | Jul 6, 2023
A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This...
Moderate | Unreviewed | CVE-2023-2395 was published | Apr 29, 2023
The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent...
Moderate | Unreviewed | CVE-2011-0633 was published | May 14, 2022
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB....
Moderate | Unreviewed | CVE-2019-6979 was published | May 14, 2022
Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile...
Moderate | Unreviewed | CVE-2015-2165 was published | May 14, 2022
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report...
High | Unreviewed | CVE-2008-1167 was published | May 1, 2022
Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL...
Moderate | Unreviewed | CVE-2007-6699 was published | May 1, 2022
Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to...
Moderate | Unreviewed | CVE-2006-2558 was published | May 1, 2022
Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT ...
Moderate | Unreviewed | CVE-2001-0904 was published | Apr 30, 2022
Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast...
Moderate | Unreviewed | CVE-2004-0781 was published | Apr 29, 2022
Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote...
Moderate | Unreviewed | CVE-2003-1262 was published | Apr 29, 2022
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness
High | CVE-2020-8897 was published for aws-encryption-sdk (Maven) | Oct 12, 2021
ReDoS via long UserAgent header in useragent
High | CVE-2017-16030 was published for useragent (npm) | Jul 24, 2018