GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
12,231 advisories
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1...
High | Unreviewed | CVE-2026-5509 was published May 27, 2026

Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file...
High | Unreviewed | CVE-2026-48922 was published May 27, 2026

NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause...
High | Unreviewed | CVE-2026-24195 was published May 26, 2026

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where...
Moderate | Unreviewed | CVE-2025-33221 was published May 26, 2026

A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the...
Low | Unreviewed | CVE-2026-9521 was published May 26, 2026

A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the...
Low | Unreviewed | CVE-2026-9497 was published May 26, 2026

Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to...
Critical | Unreviewed | CVE-2026-40411 was published May 26, 2026

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose...
High | Unreviewed | CVE-2026-26147 was published May 26, 2026

An authentication logic vulnerability in multiple TP-Link range extenders allows an...
High | Unreviewed | CVE-2026-3294 was published May 26, 2026

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not...
High | Unreviewed | CVE-2026-44417 was published May 26, 2026

A malicious actor with access to the network could exploit an Improper Input Validation...
Critical | Unreviewed | CVE-2026-34910 was published May 22, 2026

A malicious actor with access to the network and high privileges could exploit an Improper Input...
Critical | Unreviewed | CVE-2026-33000 was published May 22, 2026

js-libp2p: Memory DoS via subscription flood of unique topics
High | CVE-2026-46679 was published for @libp2p/gossipsub (npm) May 21, 2026

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in...
High | Unreviewed | CVE-2026-9157 was published May 21, 2026

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179...
Moderate | Unreviewed | CVE-2026-9124 was published May 20, 2026

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform...
Moderate | Unreviewed | CVE-2026-20240 was published May 20, 2026

Multiple flaws have been identified in `named` related to the handling of DNS messages whose...
High | Unreviewed | CVE-2026-5946 was published May 20, 2026

@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
High | CVE-2026-45783 was published for @libp2p/kad-dht (npm) May 19, 2026

Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching
Moderate | CVE-2026-46341 was published for @apify/actors-mcp-server (npm) May 19, 2026

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This...
Critical | Unreviewed | CVE-2026-8959 was published May 19, 2026

Algernon: handler.lua discovery walks parent directories above the server root
Critical | CVE-2026-45721 was published for github.com/xyproto/algernon (Go) May 19, 2026

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before...
Moderate | Unreviewed | CVE-2026-31378 was published May 19, 2026

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
Low | Unreviewed | CVE-2026-28751 was published May 19, 2026

OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
High | CVE-2026-45685 was published for go.opentelemetry.io/obi (Go) May 18, 2026

Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability
High | CVE-2026-35433 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) May 18, 2026

ProTip! Advisories are also available from the GraphQL API