Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

5,405 advisories

Loading
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs) High
CVE-2026-53999 was published for github.com/radius-project/radius (Go) Jun 12, 2026
b0b0haha Credited to b0b0haha and j311yl0v3u j311yl0v3u j311yl0v3u
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux... High Unreviewed
CVE-2026-12034 was published Jun 12, 2026
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149... High Unreviewed
CVE-2026-12009 was published Jun 12, 2026
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a... High Unreviewed
CVE-2026-12016 was published Jun 12, 2026
Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds High
CVE-2026-48110 was published for russh (Rust) Jun 11, 2026
mjc Credited to mjc
Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add... High Unreviewed
CVE-2026-53901 was published Jun 11, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an... High Unreviewed
CVE-2026-34712 was published Jun 10, 2026
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation... High Unreviewed
CVE-2026-47930 was published Jun 9, 2026
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation... High Unreviewed
CVE-2026-47931 was published Jun 9, 2026
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a... High Unreviewed
CVE-2026-48569 was published Jun 9, 2026
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. High Unreviewed
CVE-2026-45636 was published Jun 9, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2026-44811 was published Jun 9, 2026
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate... High Unreviewed
CVE-2026-40376 was published Jun 9, 2026
Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a... High Unreviewed
CVE-2026-11689 was published Jun 9, 2026
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827... High Unreviewed
CVE-2026-11660 was published Jun 9, 2026
Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior... High Unreviewed
CVE-2026-11676 was published Jun 9, 2026
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a... High Unreviewed
CVE-2026-11682 was published Jun 9, 2026
Routinator crashes when sending a maliciously crafted select-asn query parameter High
CVE-2026-49234 was published for routinator (Rust) Jun 8, 2026
Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points High
CVE-2026-47732 was published for twig/twig (Composer) Jun 5, 2026
fabpot Credited to fabpot
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2... High Unreviewed
CVE-2026-8714 was published Jun 5, 2026
An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to... High Unreviewed
CVE-2026-36501 was published Jun 5, 2026
In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed... High Unreviewed
CVE-2025-5089 was published Jun 5, 2026
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes... High Unreviewed
CVE-2025-5090 was published Jun 5, 2026
Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to... High Unreviewed
CVE-2026-11297 was published Jun 5, 2026
Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0... High Unreviewed
CVE-2026-11272 was published Jun 5, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database