GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,562 advisories
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that...
Critical
Unreviewed
CVE-2018-25254 was published Apr 4, 2026
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated...
Critical
Unreviewed
CVE-2016-20052 was published Apr 4, 2026
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow...
Critical
Unreviewed
CVE-2026-35616 was published Apr 4, 2026
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE...
Critical
Unreviewed
CVE-2018-25236 was published Apr 4, 2026
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in...
Critical
Unreviewed
CVE-2018-25237 was published Apr 4, 2026
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6...
Critical
Unreviewed
CVE-2021-4477 was published Apr 4, 2026
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation...
Critical
Unreviewed
CVE-2017-20236 was published Apr 4, 2026
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication...
Critical
Unreviewed
CVE-2017-20235 was published Apr 4, 2026
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that...
Critical
Unreviewed
CVE-2017-20234 was published Apr 4, 2026
Improper certificate validation in the identity provider connection components in Amazon Athena...
Critical
Unreviewed
CVE-2026-35560 was published Apr 3, 2026
Insufficient authentication security controls in the browser-based authentication components in...
Critical
Unreviewed
CVE-2026-35561 was published Apr 3, 2026
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contain an authentication...
Critical
Unreviewed
CVE-2017-20237 was published Apr 3, 2026
A specific endpoint allows authenticated users to pivot to other user profiles by modifying the...
Critical
Unreviewed
CVE-2026-25197 was published Apr 3, 2026
A specific endpoint exposes all user account information for registered Gardyn users without...
Critical
Unreviewed
CVE-2026-28766 was published Apr 3, 2026
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal...
Critical
Unreviewed
CVE-2026-28373 was published Apr 3, 2026
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by...
Critical
Unreviewed
CVE-2026-0545 was published Apr 3, 2026
Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through...
Critical
Unreviewed
CVE-2026-5463 was published Apr 3, 2026
Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate...
Critical
Unreviewed
CVE-2026-33107 was published Apr 3, 2026
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to...
Critical
Unreviewed
CVE-2026-33105 was published Apr 3, 2026
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges...
Critical
Unreviewed
CVE-2026-32213 was published Apr 3, 2026
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker...
Critical
Unreviewed
CVE-2026-32211 was published Apr 3, 2026
Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an...
Critical
Unreviewed
CVE-2026-26135 was published Apr 3, 2026
HiOS Switch Platform contains a denial-of-service vulnerability in the web interface that allows...
Critical
Unreviewed
CVE-2025-15620 was published Apr 2, 2026
Hirschmann HiEOS devices contain an authentication bypass vulnerability in the HTTP(S) management...
Critical
Unreviewed
CVE-2024-14034 was published Apr 2, 2026
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0....
Critical
Unreviewed
CVE-2026-34877 was published Apr 2, 2026
ProTip! Advisories are also available from the GraphQL API.