Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

31,068 advisories

Loading
Nur-Alam39 bus-ticket (no released versions; latest commit... Critical Unreviewed
CVE-2026-55740 was published Jun 18, 2026
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink... Critical Unreviewed
CVE-2026-12569 was published Jun 18, 2026
Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple... Critical Unreviewed
CVE-2026-54388 was published Jun 17, 2026
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length... Critical Unreviewed
CVE-2026-54387 was published Jun 17, 2026
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in... Critical Unreviewed
CVE-2026-55200 was published Jun 17, 2026
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey... Critical Unreviewed
CVE-2026-55196 was published Jun 17, 2026
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation Critical
CVE-2026-55518 was published for avo (RubyGems) Jun 17, 2026
xIllunight Credited to xIllunight and Paul-Bob Paul-Bob Paul-Bob
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory Critical
CVE-2026-55471 was published for ca.uhn.hapi.fhir:org.hl7.fhir.utilities (Maven) Jun 17, 2026
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak Critical
CVE-2026-55450 was published for langflow (pip) Jun 17, 2026
vbCrLf Credited to vbCrLf, Jkavia, erichare, AntonioABLima, andifilhohub, and Adam-Aghili Jkavia Jkavia
erichare erichare AntonioABLima AntonioABLima andifilhohub andifilhohub Adam-Aghili Adam-Aghili
NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution... Critical Unreviewed
CVE-2026-53805 was published Jun 17, 2026
Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread... Critical Unreviewed
CVE-2026-3894 was published Jun 17, 2026
In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute... Critical Unreviewed
CVE-2026-20266 was published Jun 17, 2026
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows... Critical Unreviewed
CVE-2026-2467 was published Jun 17, 2026
picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated... Critical Unreviewed
CVE-2026-53874 was published Jun 17, 2026
picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the... Critical Unreviewed
CVE-2026-3490 was published Jun 17, 2026
JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper... Critical Unreviewed
CVE-2026-36418 was published Jun 17, 2026
picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to... Critical Unreviewed
CVE-2026-53873 was published Jun 17, 2026
picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote... Critical Unreviewed
CVE-2025-71323 was published Jun 17, 2026
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute... Critical Unreviewed
CVE-2026-20181 was published Jun 17, 2026
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and... Critical Unreviewed
CVE-2026-42055 was published Jun 17, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2026-54812 was published Jun 17, 2026
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is... Critical Unreviewed
CVE-2026-42530 was published Jun 17, 2026
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers... Critical Unreviewed
CVE-2025-71321 was published Jun 17, 2026
The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 ... Critical Unreviewed
CVE-2026-55743 was published Jun 17, 2026
picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and... Critical Unreviewed
CVE-2025-71320 was published Jun 17, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database