
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

29,215 advisories

Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) High
GHSA-cvq5-hhx3-f99p was published for github.com/kyverno/kyverno (Go) Apr 16, 2026
Credited to jrey8343
Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog in My Calendar High
CVE-2026-40308 was published for joedolson/my-calendar (Composer) Apr 16, 2026
Credited to minhi1
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping High
GHSA-vp6r-9m58-5xv8 was published for org.omnifaces:omnifaces (Maven) Apr 16, 2026
Credited to clapbr
pypdf: Manipulated FlateDecode image dimensions can exhaust RAM Moderate
GHSA-x284-j5p8-9c5p was published for pypdf (pip) Apr 16, 2026
Credited to l3b4nk4 and stefan6419846
pypdf: Possible long runtimes for wrong size values in incremental mode Moderate
GHSA-4pxv-j86v-mhcw was published for pypdf (pip) Apr 16, 2026
Credited to l3b4nk4 and stefan6419846
pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM Moderate
GHSA-7gw9-cf7v-778f was published for pypdf (pip) Apr 16, 2026
Credited to l3b4nk4 and stefan6419846
ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider High
CVE-2026-40611 was published for github.com/go-acme/lego (Go) Apr 16, 2026
Credited to RealHurrison
Home Assistant Command-line Interface: Handling of user-supplied Jinja2 templates Moderate
CVE-2026-40602 was published for homeassistant-cli (pip) Apr 16, 2026
Credited to heyitsPiyush and fabaff
Official Clerk JavaScript SDKs: Middleware-based route protection bypass Critical
GHSA-vqx2-fgx2-5wq9 was published for @clerk/astro (npm) Apr 16, 2026
Credited to YouGina
Statamic: Unsafe method invocation via query value resolution allows data destruction High
GHSA-4jjr-vmv7-wh4w was published for statamic/cms (Composer) Apr 16, 2026
Credited to joshuaalwin and kodareef5
WWBN AVideo: RCE cause by clonesite plugin High
GHSA-xr6f-h4x7-r6qp was published for wwbn/avideo (Composer) Apr 16, 2026
electerm: electerm_install_script_CommandInjection Vulnerability Report Critical
GHSA-wxw2-rwmh-vr8f was published for electerm (npm) Apr 16, 2026
Credited to Yuremin and FORIMOC
Flowise Execute Flow function has an SSRF vulnerability Moderate
GHSA-9hrv-gvrv-6gf2 was published for flowise (npm) Apr 16, 2026
Credited to cn-panda
Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) Moderate
GHSA-qqvm-66q4-vf5c was published for flowise (npm) Apr 16, 2026
Credited to ESPanda666
Flowise: Path Traversal in Vector Store basePath Moderate
GHSA-w6v6-49gh-mc9w was published for flowise (npm) Apr 16, 2026
Credited to tenbbughunters
Flowise: Weak Default Token Hash Secret Moderate
GHSA-m7mq-85xj-9x33 was published for flowise (npm) Apr 16, 2026
Credited to kolega-ai-dev
Flowise: Weak Default Express Session Secret Moderate
GHSA-2qqc-p94c-hxwh was published for flowise (npm) Apr 16, 2026
Credited to kolega-ai-dev
Flowise: Weak Default JWT Secrets Moderate
GHSA-cc4f-hjpj-g9p8 was published for flowise (npm) Apr 16, 2026
Credited to kolega-ai-dev
Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request Moderate
GHSA-6pcv-j4jx-m4vx was published for flowise (npm) Apr 16, 2026
Credited to berkdedekarginoglu
OpenClaw: TOCTOU read in exec script preflight Low
GHSA-gj9q-8w99-mp8j was published for openclaw (npm) Apr 16, 2026
Credited to kikayli
Flowise: Authenticated RCE Via MCP Adapters Critical
CVE-2026-40933 was published for flowise (npm) Apr 16, 2026
Credited to MosesOX
webpki: Name constraints were accepted for certificates asserting a wildcard name Low
GHSA-xgp8-3hg3-c2mh was published for rustls-webpki (Rust) Apr 16, 2026
Credited to 1seal
Mako: Path traversal via double-slash URI prefix in TemplateLookup Moderate
GHSA-v92g-xgxw-vvmm was published for Mako (pip) Apr 16, 2026
Credited to 0xHunSec
webpki: Name constraints for URI names were incorrectly accepted Low
GHSA-965h-392x-2mh5 was published for rustls-webpki (Rust) Apr 16, 2026
Credited to 1seal
Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix Moderate
GHSA-hf5p-q87m-crj7 was published for com.github.junrar:junrar (Maven) Apr 16, 2026
Credited to subbudvk