GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
30,740 advisories

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the...
Critical | Unreviewed | CVE-2026-44631 was published Jun 8, 2026

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author...
Critical | Unreviewed | CVE-2026-42535 was published Jun 8, 2026

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration ...
Critical | Unreviewed | CVE-2026-29167 was published Jun 8, 2026

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated...
Critical | Unreviewed | CVE-2026-50751 was published Jun 8, 2026

Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.
Critical | CVE-2026-47430 was published for cordova-plugin-inappbrowser (npm) Jun 8, 2026

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the...
Critical | Unreviewed | CVE-2026-11499 was published Jun 8, 2026

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2023-54352 was published Jun 8, 2026

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows...
Critical | Unreviewed | CVE-2024-58349 was published Jun 8, 2026

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability...
Critical | Unreviewed | CVE-2024-58348 was published Jun 8, 2026

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta...
Critical | Unreviewed | CVE-2025-1740 was published Jun 6, 2026

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise...
Critical | Unreviewed | CVE-2026-11429 was published Jun 6, 2026

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due...
Critical | Unreviewed | CVE-2026-11423 was published Jun 5, 2026

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in...
Critical | Unreviewed | CVE-2026-11414 was published Jun 5, 2026

Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise...
Critical | Unreviewed | CVE-2026-11420 was published Jun 5, 2026

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service...
Critical | Unreviewed | CVE-2026-11419 was published Jun 5, 2026

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass...
Critical | Unreviewed | CVE-2026-10580 was published Jun 5, 2026

Shopper: Authorization bypass and RBAC privilege escalation in team settings
Critical | CVE-2026-47744 was published for shopper/framework (Composer) Jun 5, 2026

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that...
Critical | Unreviewed | CVE-2025-71317 was published Jun 5, 2026

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers...
Critical | Unreviewed | CVE-2026-36500 was published Jun 5, 2026

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A...
Critical | Unreviewed | CVE-2025-71318 was published Jun 5, 2026

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd...
Critical | Unreviewed | CVE-2026-9270 was published Jun 5, 2026

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. ...
Critical | Unreviewed | CVE-2026-11362 was published Jun 5, 2026

NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)
Critical | CVE-2026-47731 was published for ait-core (pip) Jun 5, 2026

Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
Critical | CVE-2026-47670 was published for dbgate-api (npm) Jun 5, 2026

DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE
Critical | CVE-2026-47669 was published for dbgate (npm) Jun 5, 2026

ProTip! Advisories are also available from the GraphQL API.