GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
557 advisories
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for...
High | Unreviewed | CVE-2026-53406 was published Jun 12, 2026
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
Moderate | CVE-2026-48096 was published for github.com/openfga/openfga (Go) Jun 11, 2026
Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Critical | CVE-2026-48063 was published for @whiskeysockets/baileys (npm) Jun 10, 2026
vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
Moderate | CVE-2026-47155 was published for vllm (pip) Jun 10, 2026
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
High | CVE-2026-47737 was published for puma (RubyGems) Jun 9, 2026
Netty has Insufficient Bailiwick Validation for NS Records
High | CVE-2026-47691 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
High | CVE-2026-45674 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More...
Moderate | Unreviewed | CVE-2026-7792 was published Jun 6, 2026
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable...
Moderate | Unreviewed | CVE-2026-8608 was published Jun 6, 2026
WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
High | CVE-2026-47696 was published for WWBN/AVideo (Composer) Jun 4, 2026
Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending
High | CVE-2026-45337 was published for better-auth (npm) Jun 4, 2026
matrix-sdk-ui: Incomplete edit validation
Moderate | CVE-2026-45057 was published for matrix-sdk-ui (Rust) Jun 4, 2026
The /v1/Plan service relies entirely on a shared global API token for full administrative...
Critical | Unreviewed | CVE-2026-50214 was published Jun 4, 2026
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1,...
High | Unreviewed | CVE-2022-4992 was published Jun 3, 2026
stigmem-node's federation peer registration lacked explicit out-of-band approval
Critical | GHSA-9vp8-3hmv-8fgh was published for stigmem-node (pip) May 29, 2026
stigmem-node's federation peer token timestamp validation may reject valid peer tokens
High | GHSA-xh5j-xjfq-qvvx was published for stigmem-node (pip) May 29, 2026
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass...
Moderate | Unreviewed | CVE-2026-9189 was published May 29, 2026
Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
Moderate | CVE-2026-45069 was published for symfony/security-http (Composer) May 27, 2026
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
High | Unreviewed | CVE-2026-3012 was published May 27, 2026
@hulumi/drift: Orphan reconciler accepted externally supplied execute plans
High | GHSA-2ffm-hxrq-qqmm was published for @hulumi/drift (npm) May 21, 2026
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
High | CVE-2026-46654 was published for p3-challenger (Rust) May 21, 2026
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
Moderate | CVE-2026-46539 was published for nimiq-primitives (Rust) May 21, 2026
RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
Moderate | CVE-2026-45792 was published for rtk (Rust) May 20, 2026
Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher...
Moderate | Unreviewed | CVE-2026-25602 was published May 20, 2026
arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS
Moderate | GHSA-rc6v-5rmx-w5mv was published for github.com/arnika-project/arnika (Go) May 15, 2026