GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,580
Maven: 5,000+
npm: 5,000+
NuGet: 919
pip: 4,816
Pub: 13
RubyGems: 1,043
Rust: 1,251
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
123,498 advisories
Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote...
High. Unreviewed. CVE-2026-6920 was published Apr 23, 2026.

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could...
High. Unreviewed. CVE-2026-34003 was published Apr 23, 2026.

Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication...
High. Unreviewed. CVE-2025-70994 was published Apr 23, 2026.

An unauthenticated remote attacker is able to exhaust all available TCP connections in the...
High. Unreviewed. CVE-2026-35225 was published Apr 23, 2026.

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC...
High. Unreviewed. CVE-2026-34001 was published Apr 23, 2026.

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the...
High. Unreviewed. CVE-2026-33999 was published Apr 23, 2026.

Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege
High. CVE-2026-40372 was published for Microsoft.AspNetCore.DataProtection (NuGet) Apr 23, 2026.

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized...
High. Unreviewed. CVE-2026-3259 was published Apr 23, 2026.

The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for...
High. Unreviewed. CVE-2026-5464 was published Apr 23, 2026.

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation...
High. Unreviewed. CVE-2026-6903 was published Apr 23, 2026.

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via...
High. Unreviewed. CVE-2026-41040 was published Apr 23, 2026.

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely...
High. Unreviewed. CVE-2026-34488 was published Apr 23, 2026.

IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could...
High. Unreviewed. CVE-2026-5935 was published Apr 23, 2026.

The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and...
High. Unreviewed. CVE-2026-32679 was published Apr 23, 2026.

A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote...
High. Unreviewed. CVE-2026-40062 was published Apr 23, 2026.

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application...
High. Unreviewed. CVE-2026-3621 was published Apr 23, 2026.

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API...
High. Unreviewed. CVE-2026-41454 was published Apr 23, 2026.

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars...
High. Unreviewed. CVE-2026-40517 was published Apr 23, 2026.

OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
High. GHSA-wgx6-g857-jjf7 was published for openc3 (RubyGems) Apr 22, 2026.

Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
High. GHSA-r466-rxw4-3j9j was published for @evomap/evolver (npm) Apr 22, 2026.

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability...
High. Unreviewed. CVE-2026-34414 was published Apr 22, 2026.

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7...
High. Unreviewed. CVE-2026-26354 was published Apr 22, 2026.

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in...
High. Unreviewed. CVE-2026-34413 was published Apr 22, 2026.

The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High. Unreviewed. CVE-2026-5694 was published Apr 22, 2026.

The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API...
High. Unreviewed. CVE-2026-3643 was published Apr 22, 2026.
ProTip! Advisories are also available from the GraphQL API.