GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

269 advisories

Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a...
Critical | Unreviewed | CVE-2026-12027 was published Jun 12, 2026

CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to a Local Privilege...
Moderate | Unreviewed | CVE-2026-11626 was published Jun 10, 2026

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected...
High | Unreviewed | CVE-2026-46748 was published Jun 9, 2026

actual Allows Electron to Run As Node
Moderate | CVE-2026-42890 was published for actual (npm) Jun 8, 2026

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53...
Critical | Unreviewed | CVE-2026-11167 was published Jun 5, 2026

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS....
High | Unreviewed | CVE-2026-10843 was published Jun 4, 2026

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local...
High | Unreviewed | CVE-2025-12694 was published Jun 4, 2026

Local privilege escalation due to excessive permissions assigned to child processes. The...
High | Unreviewed | CVE-2026-42061 was published Jun 3, 2026

IPAM controller service account granted unnecessary full access to Secrets
Moderate | CVE-2026-47190 was published for github.com/metal3-io/ip-address-manager (Go) May 29, 2026

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker...
High | Unreviewed | CVE-2026-3623 was published May 27, 2026

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Moderate | CVE-2026-46618 was published for github.com/fission/fission (Go) May 21, 2026

Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
High | CVE-2026-46617 was published for github.com/fission/fission (Go) May 21, 2026

Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on...
High | Unreviewed | CVE-2026-8370 was published May 19, 2026

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on...
High | Unreviewed | CVE-2026-29205 was published May 14, 2026

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated...
High | Unreviewed | CVE-2026-32643 was published May 13, 2026

A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with...
High | Unreviewed | CVE-2026-32673 was published May 13, 2026

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from...
High | Unreviewed | CVE-2026-25710 was published May 13, 2026

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an...
Critical | Unreviewed | CVE-2026-42833 was published May 12, 2026

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary...
Moderate | Unreviewed | CVE-2026-40638 was published May 12, 2026

CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
Critical | CVE-2026-44477 was published for github.com/cloudnative-pg/cloudnative-pg (Go) May 11, 2026

mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to...
Moderate | Unreviewed | CVE-2026-40550 was published Apr 28, 2026

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with...
Moderate | Unreviewed | CVE-2026-25908 was published Apr 27, 2026

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
High | CVE-2026-41900 was published for openlearnx (npm) Apr 23, 2026

OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via Script Runner Tool
Critical | GHSA-2wvh-87g2-89hr was published for openc3 (RubyGems) Apr 23, 2026

Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected...
Low | Unreviewed | CVE-2026-22008 was published Apr 21, 2026

ProTip! Advisories are also available from the GraphQL API