GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
14,542 advisories
Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
Low | CVE-2026-45305 was published for symfony/symfony (Composer) on May 27, 2026
Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
Low | CVE-2026-45304 was published for symfony/symfony (Composer) on May 27, 2026
Symfony hardened the parser when handling untrusted input
Low | CVE-2026-45133 was published for symfony/symfony (Composer) on May 27, 2026
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android...
Low | Unreviewed | CVE-2025-68710 was published on May 26, 2026
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with...
Low | Unreviewed | CVE-2025-68708 was published on May 26, 2026
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android...
Low | Unreviewed | CVE-2025-68711 was published on May 26, 2026
Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering
Low | CVE-2026-45072 was published for symfony/symfony (Composer) on May 27, 2026
Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
Low | CVE-2026-45071 was published for symfony/dom-crawler (Composer) on May 27, 2026
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ...
Low | Unreviewed | CVE-2022-21624 was published on Oct 19, 2022
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous...
Low | Unreviewed | CVE-2015-6563 was published on May 14, 2022
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ...
Low | Unreviewed | CVE-2022-39399 was published on Oct 19, 2022
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ...
Low | Unreviewed | CVE-2022-21619 was published on Oct 19, 2022
NewNTUnicodeString does not check for string length overflow. When provided with a string that...
Low | Unreviewed | CVE-2026-39824 was published on May 26, 2026
When creating an export through the pretix API, API clients are returned an UUID value for their...
Low | Unreviewed | CVE-2026-9712 was published on May 27, 2026
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station...
Low | Unreviewed | CVE-2024-47272 was published on May 27, 2026
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in...
Low | Unreviewed | CVE-2024-47267 was published on May 27, 2026
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology...
Low | Unreviewed | CVE-2024-47270 was published on May 27, 2026
A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown...
Low | Unreviewed | CVE-2026-9608 was published on May 27, 2026
A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of...
Low | Unreviewed | CVE-2026-9609 was published on May 27, 2026
A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is...
Low | Unreviewed | CVE-2026-9607 was published on May 27, 2026
A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of...
Low | Unreviewed | CVE-2026-9604 was published on May 27, 2026
This issue was addressed with improved redaction of sensitive information. This issue is fixed in...
Low | Unreviewed | CVE-2025-43357 was published on Sep 16, 2025
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low | Unreviewed | CVE-2026-8409 was published on May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low | Unreviewed | CVE-2026-8415 was published on May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low | Unreviewed | CVE-2026-8416 was published on May 22, 2026