GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
30,740 advisories
Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a...
Critical | Unreviewed | CVE-2026-12027 was published Jun 12, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-39494 was published Jun 12, 2026

Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that...
Critical | Unreviewed | CVE-2026-49973 was published Jun 11, 2026

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its...
Critical | Unreviewed | CVE-2026-45177 was published Jun 11, 2026

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as...
Critical | Unreviewed | CVE-2026-41005 was published Jun 11, 2026

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS...
Critical | Unreviewed | CVE-2026-9648 was published Jun 11, 2026

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information...
Critical | Unreviewed | CVE-2026-11839 was published Jun 11, 2026

CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
Critical | CVE-2026-48062 was published for codeigniter4/framework (Composer) Jun 11, 2026

SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote...
Critical | Unreviewed | CVE-2026-38581 was published Jun 11, 2026

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC...
Critical | Unreviewed | CVE-2026-7852 was published Jun 11, 2026

Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
Critical | CVE-2026-48039 was published for meta-ads-mcp (pip) Jun 11, 2026

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on...
Critical | Unreviewed | CVE-2026-4764 was published Jun 11, 2026

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:...
Critical | Unreviewed | CVE-2026-35273 was published Jun 11, 2026

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric...
Critical | Unreviewed | CVE-2026-50638 was published Jun 10, 2026

Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Critical | CVE-2026-48063 was published for @whiskeysockets/baileys (npm) Jun 10, 2026

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below...
Critical | Unreviewed | CVE-2026-20253 was published Jun 10, 2026

A flaw was found in migration-planner. A remote authenticated attacker could exploit this...
Critical | Unreviewed | CVE-2026-53474 was published Jun 10, 2026

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer...
Critical | Unreviewed | CVE-2026-53475 was published Jun 10, 2026

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access...
Critical | Unreviewed | CVE-2026-53470 was published Jun 10, 2026

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by...
Critical | Unreviewed | CVE-2026-53469 was published Jun 10, 2026

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same...
Critical | Unreviewed | CVE-2026-53476 was published Jun 10, 2026

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs)...
Critical | Unreviewed | CVE-2026-53471 was published Jun 10, 2026

Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery
Critical | CVE-2026-48031 was published for github.com/dhax/go-base (Go) Jun 10, 2026

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up...
Critical | Unreviewed | CVE-2025-6254 was published Jun 10, 2026

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user...
Critical | Unreviewed | CVE-2026-9067 was published Jun 10, 2026

ProTip! Advisories are also available from the GraphQL API