GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

30,740 advisories

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1...
Critical, Unreviewed: CVE-2026-10520 was published Jun 9, 2026

Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical, Unreviewed: CVE-2026-7486 was published Jun 9, 2026

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that...
Critical, Unreviewed: CVE-2017-20251 was published Jun 9, 2026

shell-quote quote() does not escape newlines in object .op values
Critical: CVE-2026-9277 was published for shell-quote (npm) Jun 9, 2026

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1,...
Critical, Unreviewed: CVE-2025-10263 was published Jun 9, 2026

SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’...
Critical, Unreviewed: CVE-2026-10731 was published Jun 9, 2026

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 ...
Critical, Unreviewed: CVE-2026-41031 was published Jun 9, 2026

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session...
Critical, Unreviewed: CVE-2009-10007 was published Jun 9, 2026

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that...
Critical, Unreviewed: CVE-2026-9698 was published Jun 9, 2026

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with...
Critical, Unreviewed: CVE-2026-44748 was published Jun 9, 2026

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft...
Critical, Unreviewed: CVE-2026-40128 was published Jun 9, 2026

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of...
Critical, Unreviewed: CVE-2026-27671 was published Jun 9, 2026

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed...
Critical, Unreviewed: CVE-2026-11697 was published Jun 9, 2026

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker...
Critical, Unreviewed: CVE-2026-11671 was published Jun 9, 2026

Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote...
Critical, Unreviewed: CVE-2026-11659 was published Jun 9, 2026

Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to...
Critical, Unreviewed: CVE-2026-11638 was published Jun 9, 2026

Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote...
Critical, Unreviewed: CVE-2026-11654 was published Jun 9, 2026

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote...
Critical, Unreviewed: CVE-2026-11634 was published Jun 9, 2026

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to...
Critical, Unreviewed: CVE-2026-11651 was published Jun 9, 2026

nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation
Critical: CVE-2026-47724 was published for github.com/juev/nebula-mesh (Go) Jun 8, 2026

Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin
Critical: CVE-2026-47252 was published for github.com/julien040/anyquery/plugins/brave (Go) Jun 8, 2026

PHPSpreadsheet has a patch bypass for CVE-2026-34084
Critical: CVE-2026-45034 was published for phpoffice/phpspreadsheet (Composer) Jun 8, 2026

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key...
Critical, Unreviewed: CVE-2026-25555 was published Jun 8, 2026

AdGuard Home, when started with the --glinet flag, contains an authentication bypass...
Critical, Unreviewed: CVE-2026-41448 was published Jun 8, 2026

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated,...
Critical, Unreviewed: CVE-2026-39910 was published Jun 8, 2026

ProTip! Advisories are also available from the GraphQL API