GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Gogs: XSS in .ipynb files renderer due to outdated notebookjs (High)
GHSA-6vxv-wg6j-5qwp, published for gogs.io/gogs (Go) on Jun 19, 2026
Credited to Aikido-Security, JorianWoltjer, and grumpinout1

Open WebUI: Cross-origin postMessage confirmation bypass via action:submit (High)
CVE-2026-54007, published for open-webui (pip) on Jun 17, 2026
Credited to Aikido-Security, JorianWoltjer, grumpinout1, and Classic298

Open WebUI has XSS via SVG in /api/v1/channels/webhooks/{webhook_id}/profile/image (High)
CVE-2026-45314, published for open-webui (pip) on May 14, 2026
Credited to Aikido-Security, JorianWoltjer, reindaelman, grumpinout1, and Classic298

Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands (Moderate)
CVE-2026-42184, published for tauri (Rust) on May 6, 2026
Credited to grumpinout1, chippers, FabianLars, and tweidinger

n8n Vulnerable to Hijacking of Unauthenticated Chat Execution (Moderate)
CVE-2026-42228, published for n8n (npm) on Apr 29, 2026
Credited to 34selen, Aikido-Security, JorianWoltjer, reindaelman, grumpinout1, and vbCrLf

Storybook Dev Server is Vulnerable to WebSocket Hijacking (High)
CVE-2026-27148, published for storybook (npm) on Feb 26, 2026
Credited to Aikido-Security, reindaelman, grumpinout1, and JorianWoltjer

Astro has Full-Read SSRF in error rendering via Host: header injection (Moderate)
CVE-2026-25545, published for @astrojs/node (npm) on Feb 23, 2026
Credited to Aikido-Security, reindaelman, JorianWoltjer, grumpinout1, and kytta