GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30,466 advisories

Strapi: Password Reset Does Not Revoke Existing Refresh Sessions Low
CVE-2026-22706 was published for @strapi/admin (npm) May 13, 2026
Credited to zaddy6, arthurgervais, derrickmehaffy, and AndyAnh174
Strapi Vulnerable to SQL Injection in Content Type Builder Critical
CVE-2026-22599 was published for @strapi/content-type-builder (npm) May 13, 2026
Credited to whiteov3rflow, derrickmehaffy, and markkaylor
Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying Moderate
CVE-2025-64526 was published for @strapi/plugin-users-permissions (npm) May 13, 2026
Credited to adriatikii and derrickmehaffy
SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution Critical
CVE-2026-45375 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
Credited to Revanth011
SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs High
CVE-2026-45371 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
Credited to fg0x0
Anchor: `InterfaceAccount` allows account substitution between unexpected types High
GHSA-429q-fhh4-r6hj was published for anchor-lang (Rust) May 13, 2026
Credited to acheroncrypto
wger has an Uncontrolled Resource Consumption issue Moderate
GHSA-v25j-wqcw-fvhj was published for wger (pip) May 13, 2026
Credited to KadirArslan
Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy Critical
CVE-2026-45083 was published for io.goobi.viewer:viewer-core (Maven) May 13, 2026
uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution High
CVE-2026-45152 was published for gitlab.com/uniget-org/cli (Go) May 13, 2026
Credited to 0x5t4l1n
SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode Moderate
CVE-2026-45148 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
Credited to StarPlatinu
SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk Moderate
CVE-2026-45147 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026
Credited to StarPlatinu
Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server Critical
GHSA-vw82-7fv8-r6gp was published for github.com/obot-platform/obot (Go) May 13, 2026
Anchor: Program<'info, System> is not properly validated High
CVE-2026-45137 was published for anchor-lang (Rust) May 13, 2026
Credited to Matthias1590
Credited to schuay
Nautobot: GitRepository.current_head field should not be writable through REST API High
CVE-2026-44798 was published for nautobot (pip) May 13, 2026
Credited to holmie
Nautobot: Webhook definitions could be used for server-side request forgery (SSRF) High
CVE-2026-44797 was published for nautobot (pip) May 13, 2026
Credited to whatisproblem
Credited to tamemghq
go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion Moderate
CVE-2026-44740 was published for github.com/go-git/go-billy/v5 (Go) May 13, 2026
Credited to faran66
Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() High
CVE-2026-44738 was published for getgrav/grav (Composer) May 13, 2026
Credited to Revanth011
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning High
CVE-2026-45134 was published for langchain (npm) May 13, 2026
Credited to Moaaz-0x and berardinellidaniele
Credited to thesmartshadow
Credited to krrazee and 0x5t4l1n
Astro: Server island encrypted parameters vulnerable to cross-component replay Low
CVE-2026-45028 was published for astro (npm) May 13, 2026
Credited to Popax21