Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

117,381 advisories

Loading
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote... High Unreviewed
CVE-2026-9860 was published Jun 18, 2026
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing... High Unreviewed
CVE-2026-12407 was published Jun 18, 2026
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop... High Unreviewed
CVE-2026-12505 was published Jun 18, 2026
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code... High Unreviewed
CVE-2026-53676 was published Jun 18, 2026
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service... High Unreviewed
CVE-2026-55199 was published Jun 17, 2026
Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the... High Unreviewed
CVE-2026-55201 was published Jun 17, 2026
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an... High Unreviewed
CVE-2026-50107 was published Jun 17, 2026
Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header... High Unreviewed
CVE-2026-55202 was published Jun 17, 2026
Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated... High Unreviewed
CVE-2026-49133 was published Jun 17, 2026
Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that... High Unreviewed
CVE-2026-53869 was published Jun 17, 2026
Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated... High Unreviewed
CVE-2026-11407 was published Jun 17, 2026
Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export... High Unreviewed
CVE-2026-55198 was published Jun 17, 2026
Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session... High Unreviewed
CVE-2026-55197 was published Jun 17, 2026
Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI... High Unreviewed
CVE-2026-10696 was published Jun 17, 2026
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the... High Unreviewed
CVE-2026-53871 was published Jun 17, 2026
When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with... High Unreviewed
CVE-2026-32682 was published Jun 17, 2026
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for... High Unreviewed
CVE-2026-5667 was published Jun 17, 2026
Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows... High Unreviewed
CVE-2026-30803 was published Jun 17, 2026
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI... High Unreviewed
CVE-2026-7300 was published Jun 17, 2026
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view... High Unreviewed
CVE-2026-20190 was published Jun 17, 2026
Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers... High Unreviewed
CVE-2026-30802 was published Jun 17, 2026
picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing... High Unreviewed
CVE-2026-53872 was published Jun 17, 2026
picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function... High Unreviewed
CVE-2026-53875 was published Jun 17, 2026
Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials"... High Unreviewed
CVE-2026-32652 was published Jun 17, 2026
PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list,... High Unreviewed
CVE-2025-71322 was published Jun 17, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database