GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
30,740 advisories
QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS...
Critical, Unreviewed: CVE-2025-66276 was published Jun 10, 2026
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated...
Critical, Unreviewed: CVE-2026-44963 was published Jun 10, 2026
Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter
Critical: CVE-2026-48030 was published for pheditor/pheditor (Composer) Jun 9, 2026
PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Critical: CVE-2026-8467 was published for phoenix_storybook (Erlang) Jun 9, 2026
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect...
Critical, Unreviewed: CVE-2026-48303 was published Jun 9, 2026
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side...
Critical, Unreviewed: CVE-2026-47938 was published Jun 9, 2026
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation...
Critical, Unreviewed: CVE-2026-47928 was published Jun 9, 2026
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3...
Critical, Unreviewed: CVE-2026-36727 was published Jun 9, 2026
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2...
Critical, Unreviewed: CVE-2026-10045 was published Jun 9, 2026
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8...
Critical, Unreviewed: CVE-2026-36721 was published Jun 9, 2026
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a...
Critical, Unreviewed: CVE-2026-34691 was published Jun 9, 2026
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to...
Critical, Unreviewed: CVE-2026-47643 was published Jun 9, 2026
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate...
Critical, Unreviewed: CVE-2026-47281 was published Jun 9, 2026
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute...
Critical, Unreviewed: CVE-2026-47291 was published Jun 9, 2026
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
Critical, Unreviewed: CVE-2026-45657 was published Jun 9, 2026
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering...
Critical, Unreviewed: CVE-2026-45602 was published Jun 9, 2026
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free...
Critical, Unreviewed: CVE-2026-45447 was published Jun 9, 2026
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute...
Critical, Unreviewed: CVE-2026-44815 was published Jun 9, 2026
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate...
Critical, Unreviewed: CVE-2026-42904 was published Jun 9, 2026
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input...
Critical, Unreviewed: CVE-2026-34182 was published Jun 9, 2026
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
Critical, Unreviewed: CVE-2026-38615 was published Jun 9, 2026
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to...
Critical, Unreviewed: CVE-2026-26142 was published Jun 9, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical, Unreviewed: CVE-2026-8025 was published Jun 9, 2026
An improper neutralization of special elements used in an OS command ('OS command injection')...
Critical, Unreviewed: CVE-2026-25089 was published Jun 9, 2026
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and...
Critical, Unreviewed: CVE-2026-10523 was published Jun 9, 2026
ProTip! Advisories are also available from the GraphQL API