GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
159,159 advisories
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of...
Moderate
Unreviewed
CVE-2026-30498 was published May 27, 2026
ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of...
Moderate
Unreviewed
CVE-2026-9759 was published May 27, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18...
Moderate
Unreviewed
CVE-2026-2601 was published May 27, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7,...
Moderate
Unreviewed
CVE-2026-1402 was published May 27, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18...
Moderate
Unreviewed
CVE-2026-5296 was published May 27, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7,...
Moderate
Unreviewed
CVE-2026-8716 was published May 27, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7,...
Moderate
Unreviewed
CVE-2026-6713 was published May 27, 2026
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions...
Moderate
Unreviewed
CVE-2026-21785 was published May 27, 2026
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the...
Moderate
Unreviewed
CVE-2026-6332 was published May 14, 2026
Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
Moderate
CVE-2026-45075 was published for symfony/http-kernel (Composer) May 27, 2026
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
Moderate
CVE-2026-45074 was published for symfony/security-http (Composer) May 27, 2026
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Moderate
CVE-2026-45073 was published for symfony/cache (Composer) May 27, 2026
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
Moderate
CVE-2026-45070 was published for symfony/mime (Composer) May 27, 2026
Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
Moderate
CVE-2026-45069 was published for symfony/security-http (Composer) May 27, 2026
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
Moderate
CVE-2026-45068 was published for symfony/mailer (Composer) May 27, 2026
Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
Moderate
CVE-2026-45066 was published for symfony/html-sanitizer (Composer) May 27, 2026
Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
Moderate
CVE-2026-45064 was published for symfony/html-sanitizer (Composer) May 27, 2026
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
Moderate
CVE-2026-44981 was published for github.com/crowdsecurity/crowdsec (Go) May 27, 2026
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in...
Moderate
Unreviewed
CVE-2026-48926 was published May 27, 2026
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
Moderate
Unreviewed
CVE-2026-36239 was published May 26, 2026
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without...
Moderate
Unreviewed
CVE-2026-48917 was published May 27, 2026
IBM Business Automation Workflow containers and traditional may leak information about its...
Moderate
Unreviewed
CVE-2026-1248 was published May 27, 2026
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ...
Moderate
Unreviewed
CVE-2022-21340 was published Feb 11, 2022
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ...
Moderate
Unreviewed
CVE-2022-21618 was published Oct 19, 2022
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without...
Moderate
Unreviewed
CVE-2026-48919 was published May 27, 2026
ProTip! Advisories are also available from the GraphQL API