GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
117,381 advisories
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing...
High | Unreviewed | CVE-2026-12407 was published Jun 18, 2026

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote...
High | Unreviewed | CVE-2026-9860 was published Jun 18, 2026

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop...
High | Unreviewed | CVE-2026-12505 was published Jun 18, 2026

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers...
High | Unreviewed | CVE-2026-50264 was published Jun 5, 2026

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks...
High | Unreviewed | CVE-2026-50259 was published Jun 5, 2026

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client...
High | Unreviewed | CVE-2026-50260 was published Jun 5, 2026

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A...
High | Unreviewed | CVE-2026-50257 was published Jun 5, 2026

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A...
High | Unreviewed | CVE-2026-50261 was published Jun 5, 2026

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch...
High | Unreviewed | CVE-2026-50256 was published Jun 5, 2026

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has...
High | Unreviewed | CVE-2026-50258 was published Jun 5, 2026

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code...
High | Unreviewed | CVE-2026-53676 was published Jun 18, 2026

Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
High | Unreviewed | CVE-2026-45490 was published Jun 9, 2026

Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business...
High | Unreviewed | CVE-2026-46967 was published Jun 17, 2026

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this...
High | Unreviewed | CVE-2026-6893 was published Jun 10, 2026

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code...
High | Unreviewed | CVE-2026-45645 was published Jun 9, 2026

A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server...
High | Unreviewed | CVE-2026-9064 was published May 20, 2026

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that...
High | Unreviewed | CVE-2026-53869 was published Jun 17, 2026

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated...
High | Unreviewed | CVE-2026-11407 was published Jun 17, 2026

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export...
High | Unreviewed | CVE-2026-55198 was published Jun 17, 2026

Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session...
High | Unreviewed | CVE-2026-55197 was published Jun 17, 2026

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI...
High | Unreviewed | CVE-2026-10696 was published Jun 17, 2026

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the...
High | Unreviewed | CVE-2026-53871 was published Jun 17, 2026

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with...
High | Unreviewed | CVE-2026-32682 was published Jun 17, 2026

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service...
High | Unreviewed | CVE-2026-55199 was published Jun 17, 2026

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the...
High | Unreviewed | CVE-2026-55201 was published Jun 17, 2026

ProTip! Advisories are also available from the GraphQL API.