GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
14,403 advisories
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8410 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8413 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8415 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8416 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8433 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8427 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8434 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8432 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8435 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8414 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8412 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8409 was published May 22, 2026

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low · Unreviewed · CVE-2026-8411 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because...
Low · Unreviewed · CVE-2026-8139 was published May 22, 2026

In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor...
Low · Unreviewed · CVE-2026-7890 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF...
Low · Unreviewed · CVE-2026-7882 was published May 22, 2026

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A...
Low · Unreviewed · CVE-2026-7887 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[]...
Low · Unreviewed · CVE-2026-7886 was published May 22, 2026

ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse
Low · GHSA-qv2q-c278-pch5 was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026

ImageMagick: Division by Zero in binomial kernel
Low · GHSA-vf33-6r7x-66xx was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026

Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
Low · CVE-2026-46637 was published for twig/cssinliner-extra (Composer) May 21, 2026

Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)
Low · CVE-2026-46635 was published for twig/twig (Composer) May 21, 2026

twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments
Low · CVE-2026-46629 was published for twig/intl-extra (Composer) May 21, 2026

Twig: The `spaceless` filter implicitly marks its output as safe
Low · CVE-2026-46628 was published for twig/twig (Composer) May 21, 2026

NocoDB: Stale Auth Cache After API Token Deletion
Low · CVE-2026-46554 was published for nocodb (npm) May 21, 2026