Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

324 advisories

Loading
Improper access control in AMD uProf may allow a local attacker with user privileges to write to... Moderate Unreviewed
CVE-2026-0466 was published Jun 9, 2026
A sensitive information disclosure security issue exists within the affected CompactLogix... Moderate Unreviewed
CVE-2026-9307 was published Jun 16, 2026
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. High Unreviewed
CVE-2026-52694 was published Jun 15, 2026
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. High Unreviewed
CVE-2026-49068 was published Jun 15, 2026
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions. Moderate Unreviewed
CVE-2026-40796 was published Jun 15, 2026
Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions. Moderate Unreviewed
CVE-2026-42660 was published Jun 15, 2026
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions. High Unreviewed
CVE-2026-49066 was published Jun 15, 2026
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery... High Unreviewed
CVE-2026-49056 was published Jun 15, 2026
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. Moderate Unreviewed
CVE-2026-48878 was published Jun 15, 2026
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions. High Unreviewed
CVE-2026-34891 was published Jun 15, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in... Moderate Unreviewed
CVE-2026-24618 was published Jun 12, 2026
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP... Low Unreviewed
CVE-2026-44743 was published Jun 9, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi... High Unreviewed
CVE-2025-9986 was published Feb 11, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips... Moderate Unreviewed
CVE-2026-49077 was published Jun 4, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in... High Unreviewed
CVE-2024-12367 was published Sep 16, 2025
The SAP Gateway allows attackers to inject content into error messages, potentially leading to... Moderate Unreviewed
CVE-2026-44749 was published May 26, 2026
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated... High Unreviewed
CVE-2018-25358 was published May 26, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in... Moderate Unreviewed
CVE-2026-27349 was published May 21, 2026
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through... Moderate Unreviewed
CVE-2026-7864 was published May 8, 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and... High Unreviewed
CVE-2026-43654 was published May 11, 2026
An information disclosure vulnerability in the Chronosphere Chronocollector enables an... Moderate Unreviewed
CVE-2026-0239 was published May 13, 2026
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated... Moderate Unreviewed
CVE-2026-0240 was published May 13, 2026
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods High
CVE-2026-42047 was published for inngest (npm) May 5, 2026
benhylak Credited to benhylak
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that... Moderate Unreviewed
CVE-2026-41928 was published May 8, 2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in... Moderate Unreviewed
CVE-2026-25468 was published May 7, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database