GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 73; GitHub Actions 53; Go 4,004; Maven 5,000+; npm 5,000+; NuGet 974; pip 5,000+; Pub 13; RubyGems 1,069; Rust 1,395; Swift 61
Unreviewed advisories: All unreviewed 5,000+
127,899 advisories
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the...
High | Unreviewed | CVE-2026-45831 was published Jun 12, 2026
The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards...
High | Unreviewed | CVE-2026-50085 was published Jun 12, 2026
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and...
High | Unreviewed | CVE-2026-45832 was published Jun 12, 2026
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These...
High | Unreviewed | CVE-2026-9638 was published Jun 12, 2026
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16...
High | Unreviewed | CVE-2026-7387 was published Jun 12, 2026
The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test...
High | Unreviewed | CVE-2026-50088 was published Jun 12, 2026
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing...
High | Unreviewed | CVE-2026-3840 was published Jun 12, 2026
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds...
High | Unreviewed | CVE-2026-47965 was published Jun 12, 2026
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing...
High | Unreviewed | CVE-2026-50087 was published Jun 12, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges...
High | Unreviewed | CVE-2026-44811 was published Jun 9, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges...
High | Unreviewed | CVE-2026-44808 was published Jun 9, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute...
High | Unreviewed | CVE-2026-47654 was published Jun 9, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute...
High | Unreviewed | CVE-2026-47653 was published Jun 9, 2026
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
High | GHSA-j9gf-vw2f-9hrw was published for com.appsmith:server (Maven) Jun 12, 2026
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
High | CVE-2026-48152 was published for @budibase/server (npm) Jun 12, 2026
Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema
High | CVE-2026-48151 was published for @budibase/server (npm) Jun 12, 2026
Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators
High | GHSA-9wcp-79g5-5c3c was published for com.appsmith:server (Maven) Jun 12, 2026
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
High | CVE-2025-52465 was published for org.geoserver.web:gs-web-app (Maven) Jun 12, 2026
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server...
High | Unreviewed | CVE-2026-50629 was published Jun 12, 2026
There is no restriction on the amount of attachment headers that a message can contain when being...
High | Unreviewed | CVE-2026-50645 was published Jun 12, 2026
Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote...
High | Unreviewed | CVE-2026-12035 was published Jun 12, 2026
A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user...
High | Unreviewed | CVE-2026-47342 was published Jun 11, 2026
The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing...
High | Unreviewed | CVE-2026-7368 was published Jun 12, 2026
Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services...
High | Unreviewed | CVE-2026-6211 was published Jun 12, 2026
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code...
High | Unreviewed | CVE-2026-11879 was published Jun 12, 2026
ProTip! Advisories are also available from the GraphQL API