Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

30,740 advisories

Loading
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... Critical Unreviewed
CVE-2026-44963 was published Jun 10, 2026
Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter Critical
CVE-2026-48030 was published for pheditor/pheditor (Composer) Jun 9, 2026
muslimbek-0x Credited to muslimbek-0x
PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground Critical
CVE-2026-8467 was published for phoenix_storybook (Erlang) Jun 9, 2026
maennchen Credited to maennchen, ndelphit, cnkk, and cblavier ndelphit ndelphit
cnkk cnkk cblavier cblavier
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation... Critical Unreviewed
CVE-2026-47928 was published Jun 9, 2026
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect... Critical Unreviewed
CVE-2026-48303 was published Jun 9, 2026
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side... Critical Unreviewed
CVE-2026-47938 was published Jun 9, 2026
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2... Critical Unreviewed
CVE-2026-10045 was published Jun 9, 2026
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of... Critical Unreviewed
CVE-2026-46155 was published May 28, 2026
NVIDIA NVFlare Dashboard: Authorization bypass through user-controlled key via user management and authentication system Critical
CVE-2026-24178 was published for nvflare (pip) Apr 28, 2026
pywasm3 contains a global buffer overflow which leads to segmentation fault Critical
CVE-2024-34252 was published for pywasm3 (pip) May 6, 2024
pywasm3 contains a heap buffer overflow which leads to segmentation fault Critical
CVE-2024-34249 was published for pywasm3 (pip) May 6, 2024
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1,... Critical Unreviewed
CVE-2025-10263 was published Jun 9, 2026
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a... Critical Unreviewed
CVE-2026-34691 was published Jun 9, 2026
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to... Critical Unreviewed
CVE-2026-47643 was published Jun 9, 2026
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute... Critical Unreviewed
CVE-2026-47291 was published Jun 9, 2026
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network. Critical Unreviewed
CVE-2026-45657 was published Jun 9, 2026
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2026-47281 was published Jun 9, 2026
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute... Critical Unreviewed
CVE-2026-44815 was published Jun 9, 2026
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2026-42904 was published Jun 9, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')... Critical Unreviewed
CVE-2026-8025 was published Jun 9, 2026
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to... Critical Unreviewed
CVE-2026-26142 was published Jun 9, 2026
A improper neutralization of special elements used in an os command ('os command injection')... Critical Unreviewed
CVE-2026-25089 was published Jun 9, 2026
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and... Critical Unreviewed
CVE-2026-10523 was published Jun 9, 2026
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session... Critical Unreviewed
CVE-2009-10007 was published Jun 9, 2026
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that... Critical Unreviewed
CVE-2026-9698 was published Jun 9, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database