Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check Moderate
CVE-2026-44426 was published for github.com/shellhub-io/shellhub (Go) May 7, 2026
Edu0x01 Credited to Edu0x01
ShellHub has crash-DoS via field injection in filter and sort-by parameters Moderate
CVE-2026-44425 was published for github.com/shellhub-io/shellhub (Go) May 6, 2026
Edu0x01 Credited to Edu0x01
ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data Moderate
CVE-2026-44423 was published for github.com/shellhub-io/shellhub (Go) May 6, 2026
Edu0x01 Credited to Edu0x01
ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace Moderate
CVE-2026-44424 was published for github.com/shellhub-io/shellhub (Go) May 6, 2026
Edu0x01 Credited to Edu0x01
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database