GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
493 advisories
CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
High. CVE-2026-44982 was published for github.com/crowdsecurity/crowdsec (Go) on May 27, 2026.
LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
Moderate. CVE-2026-44646 was published for liquidjs (npm) on May 27, 2026.
Twig: Sandbox property and method bypass via object-destructuring assignment
High. CVE-2026-46639 was published for twig/twig (Composer) on May 21, 2026.
Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
Moderate. CVE-2026-46638 was published for twig/twig (Composer) on May 21, 2026.
Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Moderate. CVE-2026-46634 was published for twig/twig (Composer) on May 21, 2026.
@hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails
High. GHSA-59f3-7227-wmh4 was published for @hulumi/policies (npm) on May 21, 2026.
Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
Moderate. CVE-2026-46403 was published for github.com/klever-io/klever-go (Go) on May 21, 2026.
Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer...
Low. Unreviewed. CVE-2026-44071 was published on May 21, 2026.
Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179...
Moderate. Unreviewed. CVE-2026-9116 was published on May 20, 2026.
Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179...
Moderate. Unreviewed. CVE-2026-9115 was published on May 20, 2026.
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151.
High. Unreviewed. CVE-2026-8969 was published on May 19, 2026.
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and...
High. Unreviewed. CVE-2026-8962 was published on May 19, 2026.
Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox...
High. Unreviewed. CVE-2026-8945 was published on May 19, 2026.
Formie: Pre-authenticated server-side template injection in Hidden fields
Critical. CVE-2026-45697 was published for verbb/formie (Composer) on May 18, 2026.
Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a...
High. Unreviewed. CVE-2026-8585 was published on May 14, 2026.
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168...
Moderate. Unreviewed. CVE-2026-8583 was published on May 14, 2026.
Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote...
Low. Unreviewed. CVE-2026-8568 was published on May 14, 2026.
Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168...
Low. Unreviewed. CVE-2026-8572 was published on May 14, 2026.
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778...
Moderate. Unreviewed. CVE-2026-8563 was published on May 14, 2026.
Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168...
High. Unreviewed. CVE-2026-8571 was published on May 14, 2026.
Strapi Upload Plugin MIME Validation Bypass via Content API
Moderate. CVE-2026-22707 was published for @strapi/upload (npm) on May 14, 2026.
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an...
Low. Unreviewed. CVE-2026-30904 was published on May 13, 2026.
Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor...
High. Unreviewed. CVE-2026-45227 was published on May 13, 2026.
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
Critical. Unreviewed. CVE-2026-8401 was published on May 12, 2026.
A validation issue was addressed with improved logic. This issue is fixed in iOS 18.7.9 and...
High. Unreviewed. CVE-2026-43660 was published on May 11, 2026.
ProTip! Advisories are also available from the GraphQL API.