GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,417
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,658
Pub: 13
RubyGems: 1,027
Rust: 1,211
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
71 advisories
Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message
Moderate • CVE-2026-35545 was published for roundcube/roundcubemail (Composer) • Apr 3, 2026
Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message
Moderate • CVE-2026-35543 was published for roundcube/roundcubemail (Composer) • Apr 3, 2026
Roundcube: Bypass of remote image blocking via crafted BODY background attribute
Moderate • CVE-2026-35542 was published for roundcube/roundcubemail (Composer) • Apr 3, 2026
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
Moderate • CVE-2026-35544 was published for roundcube/roundcubemail (Composer) • Apr 3, 2026
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
Moderate • CVE-2026-35540 was published for roundcube/roundcubemail (Composer) • Apr 3, 2026
A low-privileged remote attacker may be able to replace the boot application of the CODESYS...
High • Unreviewed • CVE-2025-41660 was published • Mar 24, 2026
In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
Moderate • Unreviewed • CVE-2026-33265 was published • Mar 18, 2026
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from...
Low • Unreviewed • CVE-2026-32772 was published • Mar 16, 2026
OpenStack Nova calls qemu-img without format restrictions for resize
High • CVE-2026-24708 was published for Nova (pip) • Feb 18, 2026
Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
High • GHSA-r2c6-8jc8-g32w was published for clawdbot (npm) • Feb 2, 2026 • withdrawn
Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
Critical • CVE-2025-67895 was published for apache-airflow-providers-edge3 (pip) • Dec 17, 2025
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.
High • Unreviewed • CVE-2025-62775 was published • Oct 22, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote...
Moderate • Unreviewed • CVE-2025-62646 was published • Oct 17, 2025
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users...
Moderate • Unreviewed • CVE-2025-62292 was published • Oct 10, 2025
The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to...
Low • Unreviewed • CVE-2025-56675 was published • Sep 30, 2025
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the...
Low • Unreviewed • CVE-2025-59692 was published • Sep 19, 2025
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside...
Low • Unreviewed • CVE-2025-59691 was published • Sep 19, 2025
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for...
Low • Unreviewed • CVE-2025-59453 was published • Sep 16, 2025
In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to...
Moderate • Unreviewed • CVE-2025-59378 was published • Sep 15, 2025
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps...
High • Unreviewed • CVE-2025-59363 was published • Sep 14, 2025
Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified...
Critical • Unreviewed • CVE-2025-34158 was published • Aug 21, 2025
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the...
Low • Unreviewed • CVE-2025-54956 was published • Aug 3, 2025
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts...
Low • Unreviewed • CVE-2025-54352 was published • Jul 21, 2025
qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL...
Moderate • Unreviewed • CVE-2025-54310 was published • Jul 18, 2025
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that...
High • Unreviewed • CVE-2025-41645 was published • May 13, 2025
ProTip! Advisories are also available from the GraphQL API.