GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12,451 advisories
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Moderate: GHSA-ch3q-cw5r-f4hg was published for org.connectbot.sshlib:sshlib (Maven), Jun 12, 2026

Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
High: CVE-2026-53999 was published for github.com/radius-project/radius (Go), Jun 12, 2026

GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
Moderate: CVE-2025-58175 was published for org.geoserver.web:gs-web-app (Maven), Jun 12, 2026

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()
Moderate: GHSA-9r4w-jg96-92mv was published for github.com/google/go-attestation (Go), Jun 12, 2026

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can...
Critical (Unreviewed): CVE-2026-50632 was published, Jun 12, 2026

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which...
Critical (Unreviewed): CVE-2026-50633 was published, Jun 12, 2026

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP...
Unknown (Unreviewed): CVE-2026-50628 was published, Jun 12, 2026

A malicious actor with access to the network and low privileges could exploit an Improper Input...
Critical (Unreviewed): CVE-2026-47369 was published, Jun 12, 2026

A malicious actor with access to the network and low privileges could exploit an Improper Input...
Critical (Unreviewed): CVE-2026-47367 was published, Jun 12, 2026

A malicious actor with access to the network and low privileges could exploit an Improper Input...
Critical (Unreviewed): CVE-2026-47370 was published, Jun 12, 2026

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115...
Moderate (Unreviewed): CVE-2026-12025 was published, Jun 12, 2026

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux...
High (Unreviewed): CVE-2026-12034 was published, Jun 12, 2026

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a...
Low (Unreviewed): CVE-2026-12017 was published, Jun 12, 2026

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a...
High (Unreviewed): CVE-2026-12016 was published, Jun 12, 2026

Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149...
High (Unreviewed): CVE-2026-12009 was published, Jun 12, 2026

Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds
High: CVE-2026-48110 was published for russh (Rust), Jun 11, 2026

Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input
Moderate: CVE-2026-48108 was published for russh (Rust), Jun 11, 2026

Russh: Unchecked keyboard-interactive prompt count in client auth path
Moderate: CVE-2026-48107 was published for russh (Rust), Jun 11, 2026

free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
Moderate: CVE-2026-47780 was published for github.com/free5gc/udr (Go), Jun 11, 2026

guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator
Moderate: CVE-2026-53723 was published for guzzlehttp/guzzle-services (Composer), Jun 11, 2026

guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation
Moderate: CVE-2026-48998 was published for guzzlehttp/psr7 (Composer), Jun 11, 2026

guzzlehttp/psr7 has CRLF Injection via URI Host Component
Moderate: CVE-2026-49214 was published for guzzlehttp/psr7 (Composer), Jun 11, 2026

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add...
High (Unreviewed): CVE-2026-53901 was published, Jun 11, 2026

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker...
Moderate (Unreviewed): CVE-2024-21944 was published, Jun 11, 2026

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform...
Moderate (Unreviewed): CVE-2026-20256 was published, Jun 10, 2026
ProTip! Advisories are also available from the GraphQL API.