GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
14,887 advisories
A weakness has been identified in CodeAstro Human Resource Management System 1.0. This...
Low | Unreviewed | CVE-2026-12131 was published Jun 13, 2026

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session...
Low | Unreviewed | CVE-2026-53826 was published Jun 13, 2026

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu...
Low | Unreviewed | CVE-2026-53835 was published Jun 13, 2026

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by...
Low | Unreviewed | CVE-2026-12129 was published Jun 12, 2026

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This...
Low | Unreviewed | CVE-2026-12130 was published Jun 12, 2026

esbuild allows arbitrary file read when running the development server on Windows
Low | GHSA-g7r4-m6w7-qqqr was published for esbuild (npm) Jun 12, 2026

Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Low | CVE-2026-46342 was published for @nuxt/nitro-server (npm) May 19, 2026

Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix
Low | CVE-2026-44489 was published for axios (npm) May 29, 2026

TYPO3 CMS has Broken Access Control in its File Abstraction Layer
Low | CVE-2026-49738 was published for typo3/cms-core (Composer) Jun 12, 2026

TYPO3 HTML Sanitizer allows Cross-site Scripting
Low | CVE-2026-47344 was published for typo3/html-sanitizer (Composer) Jun 12, 2026

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android....
Low | Unreviewed | CVE-2026-12065 was published Jun 12, 2026

Tornado has out-of-bounds memory access via C extension
Low | CVE-2026-49854 was published for tornado (pip) Jun 12, 2026

nebula-mesh: POST /api/v1/hosts/{id}/mobile-bundle response lacks Cache-Control: no-store
Low | GHSA-6vgg-xhvh-38ff was published for github.com/juev/nebula-mesh (Go) Jun 12, 2026

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not...
Low | Unreviewed | CVE-2026-9269 was published Jun 12, 2026

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec
Low | CVE-2026-28898 was published for github.com/apple/swift-nio-http2 (Swift) Jun 12, 2026

Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115...
Low | Unreviewed | CVE-2026-12032 was published Jun 12, 2026

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a...
Low | Unreviewed | CVE-2026-12017 was published Jun 12, 2026

Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
Low | CVE-2026-47712 was published for dulwich (pip) Jun 8, 2026

Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Low | CVE-2026-48011 was published for shopware/core (Composer) Jun 4, 2026

SpiceDB: Caveat structures with nested lists can result in improper cache reuse
Low | CVE-2026-46668 was published for github.com/authzed/spicedb (Go) May 21, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8,...
Low | Unreviewed | CVE-2026-3553 was published Jun 11, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8,...
Low | Unreviewed | CVE-2026-6976 was published Jun 11, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8,...
Low | Unreviewed | CVE-2026-9694 was published Jun 11, 2026

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into...
Low | Unreviewed | CVE-2026-41000 was published Jun 11, 2026

A person with access to a Mac may be able to bypass Login Window. A consistency issue was...
Low | Unreviewed | CVE-2022-48575 was published Jun 11, 2026

ProTip! Advisories are also available from the GraphQL API