Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

12,451 advisories

Loading
Insufficient input validation vulnerability in NETGEAR devices allows authenticated... Moderate Unreviewed
CVE-2026-0417 was published Jun 9, 2026
Authenticated administrators connected to the local network can modify router functionality... Moderate Unreviewed
CVE-2026-0416 was published Jun 9, 2026
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated... Moderate Unreviewed
CVE-2026-0415 was published Jun 9, 2026
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit... Moderate Unreviewed
CVE-2026-0419 was published Jun 9, 2026
Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a... Moderate Unreviewed
CVE-2026-11701 was published Jun 9, 2026
Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed... Critical Unreviewed
CVE-2026-11697 was published Jun 9, 2026
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827... Low Unreviewed
CVE-2026-11691 was published Jun 9, 2026
Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a... High Unreviewed
CVE-2026-11689 was published Jun 9, 2026
Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827... Low Unreviewed
CVE-2026-11686 was published Jun 9, 2026
Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103... Moderate Unreviewed
CVE-2026-11685 was published Jun 9, 2026
Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote... Critical Unreviewed
CVE-2026-11659 was published Jun 9, 2026
Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who... Low Unreviewed
CVE-2026-11675 was published Jun 9, 2026
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827... High Unreviewed
CVE-2026-11660 was published Jun 9, 2026
Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior... High Unreviewed
CVE-2026-11676 was published Jun 9, 2026
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103... Moderate Unreviewed
CVE-2026-11666 was published Jun 9, 2026
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103... Moderate Unreviewed
CVE-2026-11658 was published Jun 9, 2026
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a... High Unreviewed
CVE-2026-11682 was published Jun 9, 2026
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a... Moderate Unreviewed
CVE-2026-11653 was published Jun 9, 2026
Routinator crashes when sending a maliciously crafted select-asn query parameter High
CVE-2026-49234 was published for routinator (Rust) Jun 8, 2026
Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews. Critical
CVE-2026-47430 was published for cordova-plugin-inappbrowser (npm) Jun 8, 2026
NiklasMerz Credited to NiklasMerz
A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown... Low Unreviewed
CVE-2026-11460 was published Jun 7, 2026
Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points High
CVE-2026-47732 was published for twig/twig (Composer) Jun 5, 2026
fabpot Credited to fabpot
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2... High Unreviewed
CVE-2026-8714 was published Jun 5, 2026
An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to... High Unreviewed
CVE-2026-36501 was published Jun 5, 2026
In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed... High Unreviewed
CVE-2025-5089 was published Jun 5, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database