GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
30,740 advisories
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary...
Critical
Unreviewed
CVE-2026-53787
was published
Jun 12, 2026
Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food...
Critical
Unreviewed
CVE-2026-6853
was published
Jun 12, 2026
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are...
Critical
Unreviewed
CVE-2026-10557
was published
Jun 12, 2026
The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials...
Critical
Unreviewed
CVE-2026-11849
was published
Jun 12, 2026
A malicious actor with access to the network and low privileges could exploit an Improper Input...
Critical
Unreviewed
CVE-2026-47369
was published
Jun 12, 2026
Improper authentication checks in the OAuth implementation allow account hijacking even when...
Critical
Unreviewed
CVE-2026-48611
was published
Jun 12, 2026
A malicious actor with access to the network and low privileges could exploit an Improper Input...
Critical
Unreviewed
CVE-2026-47370
was published
Jun 12, 2026
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM,...
Critical
Unreviewed
CVE-2026-47365
was published
Jun 12, 2026
A malicious actor with access to the network and low privileges could exploit an Improper Input...
Critical
Unreviewed
CVE-2026-47367
was published
Jun 12, 2026
Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows...
Critical
Unreviewed
CVE-2026-49060
was published
Jun 12, 2026
Incomplete input validation and improperly configured folder permissions within Idira Privileged...
Critical
Unreviewed
CVE-2026-45171
was published
Jun 12, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2026-42647
was published
Jun 12, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2026-39494
was published
Jun 12, 2026
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric...
Critical
Unreviewed
CVE-2026-50638
was published
Jun 10, 2026
Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that...
Critical
Unreviewed
CVE-2026-49973
was published
Jun 11, 2026
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its...
Critical
Unreviewed
CVE-2026-45177
was published
Jun 11, 2026
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as...
Critical
Unreviewed
CVE-2026-41005
was published
Jun 11, 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1...
Critical
Unreviewed
CVE-2026-10520
was published
Jun 9, 2026
SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote...
Critical
Unreviewed
CVE-2026-38581
was published
Jun 11, 2026
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS...
Critical
Unreviewed
CVE-2026-9648
was published
Jun 11, 2026
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information...
Critical
Unreviewed
CVE-2026-11839
was published
Jun 11, 2026
CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
Critical
CVE-2026-48062
was published
for
codeigniter4/framework
(Composer)
Jun 11, 2026
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC...
Critical
Unreviewed
CVE-2026-7852
was published
Jun 11, 2026
Spring Cloud Config vulnerable to Path Traversal
Critical
CVE-2026-40982
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
May 7, 2026
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
Critical
CVE-2024-30564
was published
for
@andrei-tatar/nora-firebase-common
(npm)
Apr 18, 2024
ProTip! Advisories are also available from the GraphQL API