GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
335,515 advisories
ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of...
Moderate | Unreviewed | CVE-2026-9759 was published May 27, 2026

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule...
High | Unreviewed | CVE-2026-8359 was published May 27, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18...
Moderate | Unreviewed | CVE-2026-2601 was published May 27, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7,...
Moderate | Unreviewed | CVE-2026-1402 was published May 27, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18...
Moderate | Unreviewed | CVE-2026-5296 was published May 27, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7,...
Moderate | Unreviewed | CVE-2026-8716 was published May 27, 2026

Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP...
Critical | Unreviewed | CVE-2026-8364 was published May 27, 2026

Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
Unknown | Unreviewed | CVE-2026-33552 was published May 27, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7,...
Moderate | Unreviewed | CVE-2026-6713 was published May 27, 2026

A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions...
Moderate | Unreviewed | CVE-2026-21785 was published May 27, 2026

Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows...
Unknown | Unreviewed | CVE-2026-49009 was published May 27, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18...
High | Unreviewed | CVE-2026-4868 was published May 27, 2026

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e.,...
High | Unreviewed | CVE-2026-8360 was published May 27, 2026

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long...
Critical | Unreviewed | CVE-2026-8363 was published May 27, 2026

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long...
Critical | Unreviewed | CVE-2026-8362 was published May 27, 2026

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path...
High | Unreviewed | CVE-2026-8361 was published May 27, 2026

Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit...
High | Unreviewed | CVE-2026-48921 was published May 27, 2026

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside...
High | Unreviewed | CVE-2026-42497 was published May 26, 2026

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when...
High | Unreviewed | CVE-2026-49017 was published May 27, 2026

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the...
Moderate | Unreviewed | CVE-2026-6332 was published May 14, 2026

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH...
Critical | Unreviewed | CVE-2026-48691 was published May 26, 2026

Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
High | CVE-2026-45077 was published for symfony/monolog-bridge (Composer) May 27, 2026

Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
Moderate | CVE-2026-45075 was published for symfony/http-kernel (Composer) May 27, 2026

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
Moderate | CVE-2026-45074 was published for symfony/security-http (Composer) May 27, 2026

Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
Moderate | CVE-2026-45073 was published for symfony/cache (Composer) May 27, 2026

ProTip! Advisories are also available from the GraphQL API.