GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
5,411 advisories
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote...
High | Unreviewed | CVE-2026-12465 was published Jun 17, 2026

In multiple locations there is a possible provisioning bypass due to improper input validation....
High | Unreviewed | CVE-2025-48643 was published Jun 17, 2026

Astro: Host header SSRF in prerendered error page fetch
High | CVE-2026-54299 was published for astro (npm) Jun 16, 2026

tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template
High | CVE-2026-49982 was published for tmp (npm) Jun 15, 2026

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load...
High | Unreviewed | CVE-2026-12191 was published Jun 15, 2026

Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
High | CVE-2026-53999 was published for github.com/radius-project/radius (Go) Jun 12, 2026

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux...
High | Unreviewed | CVE-2026-12034 was published Jun 12, 2026

Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149...
High | Unreviewed | CVE-2026-12009 was published Jun 12, 2026

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a...
High | Unreviewed | CVE-2026-12016 was published Jun 12, 2026

Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds
High | CVE-2026-48110 was published for russh (Rust) Jun 11, 2026

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add...
High | Unreviewed | CVE-2026-53901 was published Jun 11, 2026

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
High | Unreviewed | CVE-2026-34712 was published Jun 10, 2026

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation...
High | Unreviewed | CVE-2026-47930 was published Jun 9, 2026

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation...
High | Unreviewed | CVE-2026-47931 was published Jun 9, 2026

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a...
High | Unreviewed | CVE-2026-48569 was published Jun 9, 2026

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
High | Unreviewed | CVE-2026-45636 was published Jun 9, 2026

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges...
High | Unreviewed | CVE-2026-44811 was published Jun 9, 2026

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate...
High | Unreviewed | CVE-2026-40376 was published Jun 9, 2026

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a...
High | Unreviewed | CVE-2026-11689 was published Jun 9, 2026

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior...
High | Unreviewed | CVE-2026-11676 was published Jun 9, 2026

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a...
High | Unreviewed | CVE-2026-11682 was published Jun 9, 2026

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827...
High | Unreviewed | CVE-2026-11660 was published Jun 9, 2026

Routinator crashes when sending a maliciously crafted select-asn query parameter
High | CVE-2026-49234 was published for routinator (Rust) Jun 8, 2026

Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points
High | CVE-2026-47732 was published for twig/twig (Composer) Jun 5, 2026

ProTip! Advisories are also available from the GraphQL API