GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
475 advisories
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject...
Low | Unreviewed | CVE-2026-0238 was published May 13, 2026

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and...
Low | Unreviewed | CVE-2026-34685 was published May 12, 2026

Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from * before...
Low | Unreviewed | CVE-2026-34086 was published May 11, 2026

container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command
Low | GHSA-39g5-644c-qwcg was published for github.com/apple/container (Swift) May 7, 2026

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778...
Low | Unreviewed | CVE-2026-7966 was published May 6, 2026

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96...
Low | Unreviewed | CVE-2026-7965 was published May 6, 2026

Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96...
Low | Unreviewed | CVE-2026-7968 was published May 6, 2026

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96...
Low | Unreviewed | CVE-2026-7945 was published May 6, 2026

Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0...
Low | Unreviewed | CVE-2026-7944 was published May 6, 2026

Grav has Insecure Deserialization in File Cache
Low | CVE-2026-7317 was published for getgrav/grav (Composer) May 5, 2026

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function...
Low | Unreviewed | CVE-2026-7712 was published May 4, 2026

mem0ai mem0 has an Improper Input Validation Issue
Low | CVE-2026-7597 was published for mem0ai (pip) May 2, 2026

ps_checkout allows unauthorized method invocation through unvalidated parameter
Low | GHSA-mqq7-wxx5-mp8h was published for prestashop/ps_checkout (Composer) Apr 30, 2026

Insufficient validation of untrusted input in Compositing in Google Chrome prior to 147.0.7727...
Low | Unreviewed | CVE-2026-7360 was published Apr 29, 2026

Duplicate Advisory: Grav has Insecure Deserialization in File Cache
Low | GHSA-j7rw-325j-2rmx was published for getgrav/grav (Composer) Apr 29, 2026 • withdrawn

uutils coreutils has an Improper Input Validation Issue in its env Utility
Low | CVE-2026-35377 was published for coreutils (Rust) Apr 22, 2026

Cockpit has NoSQL Injection Through Content Aggregation Pipelines
Low | CVE-2026-6626 was published for cockpit-hq/cockpit (Composer) Apr 20, 2026

Rand is unsound with a custom logger using rand::rng()
Low | GHSA-cq8v-f236-94qc was published for rand (Rust) Apr 14, 2026

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function...
Low | Unreviewed | CVE-2026-5473 was published Apr 3, 2026

Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Low | CVE-2026-35038 was published for signalk-server (npm) Apr 3, 2026

Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
Low | CVE-2026-34762 was published for github.com/ellanetworks/core (Go) Apr 1, 2026

A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall...
Low | Unreviewed | CVE-2026-3469 was published Mar 31, 2026

A vulnerability exists in the SonicWall Email Security appliance due to improper input...
Low | Unreviewed | CVE-2026-3470 was published Mar 31, 2026

Astro: Remote allowlist bypass via unanchored matchPathname wildcard
Low | CVE-2026-33769 was published for astro (npm) Mar 26, 2026

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject...
Low | Unreviewed | CVE-2025-55270 was published Mar 26, 2026

ProTip! Advisories are also available from the GraphQL API