GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,395 advisories
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the...
Critical | Unreviewed | CVE-2026-8134 was published May 21, 2026
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote...
Critical | Unreviewed | CVE-2026-9642 was published May 26, 2026
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated...
Critical | Unreviewed | CVE-2026-3660 was published May 26, 2026
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Critical | CVE-2026-33137 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) May 26, 2026
Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote...
Critical | Unreviewed | CVE-2026-7251 was published May 26, 2026
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM...
Critical | Unreviewed | CVE-2026-8633 was published May 26, 2026
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers...
Critical | Unreviewed | CVE-2026-2264 was published May 26, 2026
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows...
Critical | Unreviewed | CVE-2026-41947 was published May 18, 2026
XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash
Critical | CVE-2026-23734 was published for org.xwiki.commons:xwiki-commons-classloader-api (Maven) May 26, 2026
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object...
Critical | Unreviewed | CVE-2026-45247 was published May 26, 2026
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323...
Critical | Unreviewed | CVE-2026-23455 was published Apr 3, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-42773 was published May 26, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-42774 was published May 26, 2026
A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload ...
Critical | Unreviewed | CVE-2026-2651 was published May 26, 2026
Szafir SDK returns a success status code from the cryptographic digital signature verification...
Critical | Unreviewed | CVE-2026-9058 was published May 26, 2026
Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows...
Critical | Unreviewed | CVE-2018-25357 was published May 26, 2026
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2018-25350 was published May 26, 2026
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized...
Critical | Unreviewed | CVE-2026-41104 was published May 26, 2026
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2026-42901 was published May 26, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft...
Critical | Unreviewed | CVE-2026-41090 was published May 26, 2026
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized...
Critical | Unreviewed | CVE-2026-40412 was published May 26, 2026
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C...
Critical | Unreviewed | CVE-2026-33843 was published May 26, 2026
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2026-47280 was published May 26, 2026
Improper neutralization of special elements used in a command ('command injection') in Microsoft...
Critical | Unreviewed | CVE-2026-23652 was published May 26, 2026
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an...
Critical | Unreviewed | CVE-2026-39821 was published May 26, 2026
ProTip! Advisories are also available from the GraphQL API.