GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

31,457 advisories

NocoDB: Path Traversal via SQLite Source Filename Moderate
CVE-2026-47385 was published for nocodb (npm) Jun 5, 2026
Credited to Mouhebbenelwafi
NocoDB: SQL Injection via Column Title in Bulk GroupBy Moderate
CVE-2026-47384 was published for nocodb (npm) Jun 5, 2026
Credited to geo-chen
NocoDB: Stored Cross-Site Scripting via Row Comments High
CVE-2026-47383 was published for nocodb (npm) Jun 5, 2026
Credited to DavidCarliez and Mouhebbenelwafi
NocoDB: Server-Side Request Forgery via Database Connection Host Moderate
CVE-2026-47382 was published for nocodb (npm) Jun 5, 2026
Credited to helwor-01
NocoDB: Cross-Workspace Integration Use in Connection Test Moderate
CVE-2026-47381 was published for nocodb (npm) Jun 5, 2026
Credited to DongyangLyu
NocoDB: User Enumeration via Sign-In Timing Low
CVE-2026-47380 was published for nocodb (npm) Jun 5, 2026
Credited to AndyAnh174
NocoDB: Plaintext Password Comparison in Shared Views Moderate
CVE-2026-47379 was published for nocodb (npm) Jun 5, 2026
Credited to Proscan-one
NocoDB: Hidden Column Exposure in Public Shared View Endpoints Moderate
CVE-2026-47378 was published for nocodb (npm) Jun 5, 2026
Credited to 0xBassia
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin Moderate
CVE-2026-47377 was published for nocodb (npm) Jun 5, 2026
Credited to fg0x0
NocoDB: Reflected Cross-Site Scripting via Password Reset Token Moderate
CVE-2026-47376 was published for nocodb (npm) Jun 5, 2026
Credited to fg0x0
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT` Moderate
CVE-2026-47375 was published for nocodb (npm) Jun 5, 2026
Credited to leduckhuong
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints Moderate
CVE-2026-47279 was published for nocodb (npm) Jun 5, 2026
Credited to leduckhuong
wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction High
CVE-2026-47261 was published for wasmtime-wasi (Rust) Jun 5, 2026
Credited to shumbo
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration Moderate
CVE-2026-47250 was published for mcp-server-kubernetes (npm) Jun 5, 2026
Credited to yotampe-pluto
Klever-Go KVM: Hash-array amplification in P2P resolver request handling High
CVE-2026-47249 was published for github.com/klever-io/klever-go (Go) Jun 5, 2026
Credited to leduckhuong
Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService High
CVE-2026-45726 was published for github.com/siderolabs/omni (Go) Jun 5, 2026
Credited to bugbunny-research
Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic Low
CVE-2026-45723 was published for github.com/siderolabs/omni (Go) Jun 5, 2026
Credited to bugbunny-research
Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token High
CVE-2026-45720 was published for github.com/siderolabs/omni (Go) Jun 5, 2026
Credited to bugbunny-research
Vantage6: 2FA can be circumvented with hacked email access Moderate
CVE-2024-27928 was published for vantage6 (pip) Jun 5, 2026
Vantage6: No limit on emails sent for password/MFA reset Low
CVE-2024-24769 was published for vantage6 (pip) Jun 5, 2026
MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper Critical
CVE-2026-47708 was published for stata-mcp (pip) Jun 4, 2026
Credited to SepineTam
AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle Moderate
CVE-2026-47703 was published for github.com/AdguardTeam/AdGuardHome (Go) Jun 4, 2026
Credited to N0zoM1z0
Supply chain compromise via malicious @cap-js/openapi Critical
GHSA-jpvj-wpmj-h7rv was published for @cap-js/openapi (npm) Jun 4, 2026
Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation Moderate
CVE-2026-48013 was published for shopware/core (Composer) Jun 4, 2026
Credited to offset and 0xEr3n
Shopware: Stored XSS via SVG file upload — no SVG sanitization Moderate
CVE-2026-48015 was published for shopware/core (Composer) Jun 4, 2026
Credited to Keyvanhardani