GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
339,386 advisories

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix...
Moderate | Unreviewed | CVE-2026-43004 was published May 1, 2026

An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript...
Moderate | Unreviewed | CVE-2026-3673 was published Apr 22, 2026

OSGeo GDAL vulnerable to out-of-bounds read
Low | CVE-2026-8088 was published for GDAL (pip) May 7, 2026

OSGeo GDAL vulnerable to heap-based buffer overflow
Low | CVE-2026-8087 was published for GDAL (pip) May 7, 2026

Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint
Moderate | CVE-2026-36341 was published for krayin/laravel-crm (Composer) May 7, 2026

youtube-regex vulnerable to Regex Denial of Service
High | CVE-2025-65122 was published for youtube-regex (npm) May 7, 2026

query-parser-string is vulnerable to Prototype Pollution
Critical | CVE-2025-63704 was published for query-string-parser (npm) May 7, 2026

next-npm-version is vulnerable to Command injection
Critical | CVE-2025-63706 was published for @jswork/next-npm-version (npm) May 7, 2026

node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js
High | CVE-2025-63705 was published for node-ts-ocr (npm) May 7, 2026

parse-ini is vulnerable to Prototype Pollution in index.js()
Critical | CVE-2025-63703 was published for parse-ini (npm) May 7, 2026

OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay
Low | CVE-2026-43583 was published for openclaw (npm) Apr 17, 2026

Duplicate Advisory: OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay
Moderate | GHSA-82rm-qcfx-2v78 was published for openclaw (npm) May 6, 2026 • withdrawn

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and...
High | Unreviewed | CVE-2026-28995 was published May 11, 2026

A use after free issue was addressed with improved memory management. This issue is fixed in iOS...
High | Unreviewed | CVE-2026-28969 was published May 11, 2026

This issue was addressed with improved checks to prevent unauthorized actions. This issue is...
High | Unreviewed | CVE-2026-28974 was published May 11, 2026

A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and...
High | Unreviewed | CVE-2026-28986 was published May 11, 2026

A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and...
Moderate | Unreviewed | CVE-2026-43659 was published May 11, 2026

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the...
High | Unreviewed | CVE-2026-37630 was published May 11, 2026

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control...
Moderate | Unreviewed | CVE-2026-7010 was published May 12, 2026

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9...
High | Unreviewed | CVE-2026-28954 was published May 11, 2026

An inconsistent user interface issue was addressed with improved state management. This issue is...
High | Unreviewed | CVE-2026-28964 was published May 11, 2026

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS...
High | Unreviewed | CVE-2026-28990 was published May 11, 2026

A race condition was addressed with improved handling of symbolic links. This issue is fixed in...
High | Unreviewed | CVE-2026-28924 was published May 11, 2026

An authorization issue was addressed with improved state management. This issue is fixed in iOS...
High | Unreviewed | CVE-2026-28951 was published May 11, 2026

ProTip! Advisories are also available from the GraphQL API