GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
13 advisories
Mistune Image Directive CSS Injection Vulnerability
Severity: Moderate. CVE-2026-44899 was published for mistune (pip) on May 14, 2026.
Mistune TOC Anchor Injection XSS
Severity: Moderate. CVE-2026-44898 was published for mistune (pip) on May 14, 2026.
Mistune Heading ID Attribute has Injection XSS
Severity: Moderate. CVE-2026-44897 was published for mistune (pip) on May 9, 2026.
Mistune Math Plugin has an XSS Escape Bypass
Severity: Moderate. CVE-2026-44708 was published for mistune (pip) on May 8, 2026.
`potato-annotation` has a Project-Boundary Bypass
Severity: Moderate. GHSA-q9m2-fhv9-3jcf was published for potato-annotation (pip) on May 8, 2026.
ots has a negative expire override that can bypass its secret retention policy
Severity: Moderate. GHSA-h5fq-653g-gxrm was published for github.com/Luzifer/ots (Go) on May 5, 2026.
Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
Severity: Critical. CVE-2026-41478 was published for @saltcorn/server (npm) on Apr 16, 2026.
Note Mark has Broken Access Control on Asset Download
Severity: Moderate. CVE-2026-40265 was published for github.com/enchant97/note-mark/backend (Go) on Apr 13, 2026.
Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel
Severity: Low. CVE-2026-40263 was published for github.com/enchant97/note-mark/backend (Go) on Apr 13, 2026.
Note Mark has Stored XSS via Unrestricted Asset Upload
Severity: High. CVE-2026-40262 was published for github.com/enchant97/note-mark/backend (Go) on Apr 13, 2026.
monetr: Protected Transactions Deletable via PUT
Severity: Moderate. CVE-2026-39901 was published for github.com/monetr/monetr (Go) on Apr 8, 2026.
D-Tale: Remote Code Execution through redis/shelf storage
Severity: Moderate. CVE-2026-35052 was published for dtale (pip) on Apr 3, 2026.
Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint
Severity: Moderate. CVE-2026-33638 was published for github.com/lin-snow/ech0 (Go) on Mar 24, 2026.