GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
339,386 advisories
TYPO3 CMS: Broken Access Control in Media Module
Severity: Moderate. CVE-2026-47351 was published for typo3/cms-backend (Composer) on Jun 12, 2026.

TYPO3 CMS has Cross-Site Scripting in Indexed Search
Severity: Moderate. CVE-2026-47348 was published for typo3/cms-core (Composer) on Jun 12, 2026.

TYPO3 HTML Sanitizer allows Cross-site Scripting
Severity: Low. CVE-2026-47344 was published for typo3/html-sanitizer (Composer) on Jun 12, 2026.

Routinator crashes when sending a maliciously crafted select-asn query parameter
Severity: High. CVE-2026-49234 was published for routinator (Rust) on Jun 8, 2026.

Routinator crashes when encountering maliciously crafted RRDP XML files
Severity: High. CVE-2026-49235 was published for routinator (Rust) on Jun 8, 2026.

Routinator has cache path traversal when processing the module component of rsync URIs
Severity: High. CVE-2026-49233 was published for routinator (Rust) on Jun 8, 2026.

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android....
Severity: Low. Unreviewed. CVE-2026-12065 was published on Jun 12, 2026.

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an...
Severity: Moderate. Unreviewed. CVE-2026-8694 was published on Jun 12, 2026.

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions...
Severity: Moderate. Unreviewed. CVE-2017-20240 was published on Jun 12, 2026.

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to...
Severity: Moderate. Unreviewed. CVE-2026-50634 was published on Jun 12, 2026.

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft...
Severity: Moderate. Unreviewed. CVE-2026-48560 was published on Jun 9, 2026.

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache...
Severity: Moderate. Unreviewed. CVE-2026-50623 was published on Jun 12, 2026.

An authorization bypass through user-controlled key vulnerability has been reported to affect...
Severity: High. Unreviewed. CVE-2026-44083 was published on Jun 9, 2026.

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating...
Severity: High. Unreviewed. CVE-2026-41539 was published on Jun 9, 2026.

A buffer overflow vulnerability has been reported to affect several QNAP operating system...
Severity: Moderate. Unreviewed. CVE-2025-62858 was published on Jun 9, 2026.

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute...
Severity: High. Unreviewed. CVE-2026-44801 was published on Jun 9, 2026.

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers...
Severity: High. Unreviewed. CVE-2026-26236 was published on Jun 9, 2026.

Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow...
Severity: High. Unreviewed. CVE-2026-33590 was published on May 28, 2026.

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance...
Severity: Moderate. Unreviewed. CVE-2026-50089 was published on Jun 12, 2026.

The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/authorize) is vulnerable to...
Severity: Critical. Unreviewed. CVE-2026-50090 was published on Jun 12, 2026.

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows...
Severity: High. Unreviewed. CVE-2026-8828 was published on Jun 12, 2026.

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16...
Severity: Moderate. Unreviewed. CVE-2026-3433 was published on Jun 12, 2026.

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16...
Severity: Moderate. Unreviewed. CVE-2026-6739 was published on Jun 12, 2026.

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for...
Severity: High. Unreviewed. CVE-2026-53406 was published on Jun 12, 2026.

ProTip! Advisories are also available from the GraphQL API.