GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
4,107 advisories
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the...
Moderate
Unreviewed
CVE-2026-6650 was published Apr 20, 2026
A vulnerability was found in rickxy Hospital Management System up to...
Moderate
Unreviewed
CVE-2026-6602 was published Apr 20, 2026
A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the...
Moderate
Unreviewed
CVE-2026-6596 was published Apr 20, 2026
A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function...
Moderate
Unreviewed
CVE-2026-6561 was published Apr 19, 2026
Dapr: Service Invocation path traversal ACL bypass
High
GHSA-85gx-3qv6-4463 was published for github.com/dapr/dapr (Go) Apr 17, 2026
OpenClaw: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0
High
GHSA-525j-hqq2-66r4 was published for openclaw (npm) Apr 17, 2026
Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
High
GHSA-3prp-9gf7-4rxx was published for flowise (npm) Apr 17, 2026
Neo4j Labs MCP Servers: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
Low
CVE-2026-35402 was published for mcp-neo4j-cypher (pip) Apr 17, 2026
A security flaw has been discovered in QueryMine sms up to...
Moderate
Unreviewed
CVE-2026-6489 was published Apr 17, 2026
Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email
High
GHSA-gqqj-85qm-8qhf was published for paperclipai (npm) Apr 16, 2026
Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
High
GHSA-xhmj-rg95-44hv was published for flowise (npm) Apr 16, 2026
zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
Moderate
CVE-2026-40304 was published for github.com/openziti/zrok (Go) Apr 16, 2026
Weblate: Improper access control for pending tasks in API
Low
CVE-2026-33212 was published for weblate (pip) Apr 16, 2026
An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar...
Moderate
Unreviewed
CVE-2026-37100 was published Apr 16, 2026
goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files
Critical
CVE-2026-31843 was published for goodoneuz/pay-uz (Composer) Apr 16, 2026
wger has Broken Access Control in Global Gym Configuration Update Endpoint
High
CVE-2026-40474 was published for wger (pip) Apr 16, 2026
Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote...
Low
Unreviewed
CVE-2026-6313 was published Apr 15, 2026
Incorrect access control in the config.php component of Slah v1.5.0 and below allows...
High
Unreviewed
CVE-2026-30994 was published Apr 15, 2026
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform...
Moderate
Unreviewed
CVE-2026-20203 was published Apr 15, 2026
October Rain has a Twig Sandbox Bypass via Collection Methods
Moderate
CVE-2026-22692 was published for october/rain (Composer) Apr 14, 2026
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to...
Moderate
Unreviewed
CVE-2026-32214 was published Apr 14, 2026
Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an...
Moderate
Unreviewed
CVE-2026-32220 was published Apr 14, 2026
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to...
Moderate
Unreviewed
CVE-2026-33103 was published Apr 14, 2026
Improper access control in Microsoft Management Console allows an authorized attacker to elevate...
High
Unreviewed
CVE-2026-27914 was published Apr 14, 2026
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges...
High
Unreviewed
CVE-2026-26183 was published Apr 14, 2026
ProTip! Advisories are also available from the GraphQL API.