GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
335,515 advisories
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method...
Moderate | Unreviewed | CVE-2026-48923 was published May 27, 2026

A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and...
Moderate | Unreviewed | CVE-2026-48925 was published May 27, 2026

Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login,...
Moderate | Unreviewed | CVE-2026-48924 was published May 27, 2026

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
Moderate | Unreviewed | CVE-2026-48918 was published May 27, 2026

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64`...
High | Unreviewed | CVE-2026-48920 was published May 27, 2026

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
Moderate | Unreviewed | CVE-2026-48916 was published May 27, 2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory...
Moderate | Unreviewed | CVE-2026-6052 was published May 27, 2026

IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere...
Moderate | Unreviewed | CVE-2026-4410 was published May 27, 2026

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger...
Moderate | Unreviewed | CVE-2025-68709 was published May 26, 2026

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an...
High | Unreviewed | CVE-2026-48962 was published May 27, 2026

StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity,...
Moderate | Unreviewed | CVE-2025-48651 was published Apr 6, 2026

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005...
High | Unreviewed | CVE-2009-2495 was published May 2, 2022

Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of...
Moderate | Unreviewed | CVE-2015-1916 was published May 17, 2022

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005...
High | Unreviewed | CVE-2009-2493 was published May 2, 2022

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1...
High | Unreviewed | CVE-2015-0192 was published May 14, 2022

LiquidJS is Vulnerable to Remote Code Execution
Critical | CVE-2026-45618 was published for liquidjs (npm) May 27, 2026

LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
High | CVE-2026-45617 was published for liquidjs (npm) May 27, 2026

Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend
High | CVE-2026-45368 was published for getkirby/cms (Composer) May 27, 2026

LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
High | CVE-2026-45357 was published for liquidjs (npm) May 27, 2026

Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
Moderate | CVE-2026-45334 was published for getkirby/cms (Composer) May 27, 2026

Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
High | CVE-2026-45260 was published for pimcore/pimcore (Composer) May 27, 2026

Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
High | CVE-2026-45162 was published for pimcore/pimcore (Composer) May 27, 2026

Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
Moderate | CVE-2026-45065 was published for symfony/routing (Composer) May 27, 2026

Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
High | CVE-2026-45063 was published for symfony/security-http (Composer) May 27, 2026

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the...
High | Unreviewed | CVE-2026-6268 was published May 27, 2026