GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+
158,248 advisories
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™...
Moderate
Unreviewed
CVE-2026-0249
was published
May 13, 2026
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto...
Moderate
Unreviewed
CVE-2026-0258
was published
May 13, 2026
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an...
Moderate
Unreviewed
CVE-2026-0261
was published
May 13, 2026
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500...
Moderate
Unreviewed
CVE-2026-0259
was published
May 13, 2026
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an...
Moderate
Unreviewed
CVE-2026-0262
was published
May 13, 2026
Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
Moderate
CVE-2025-64526
was published
for @strapi/plugin-users-permissions (npm)
May 13, 2026
A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former...
Moderate
Unreviewed
CVE-2026-2695
was published
May 13, 2026
Buffer Overflow vulnerability in Ardupilot rover commit v...
Moderate
Unreviewed
CVE-2024-48519
was published
May 13, 2026
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers...
Moderate
Unreviewed
CVE-2026-8367
was published
May 13, 2026
A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an...
Moderate
Unreviewed
CVE-2026-42780
was published
May 13, 2026
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh)...
Moderate
Unreviewed
CVE-2026-42408
was published
May 13, 2026
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2,...
Moderate
Unreviewed
CVE-2026-42926
was published
May 13, 2026
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When...
Moderate
Unreviewed
CVE-2026-42934
was published
May 13, 2026
A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP...
Moderate
Unreviewed
CVE-2026-40703
was published
May 13, 2026
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may...
Moderate
Unreviewed
CVE-2026-40435
was published
May 13, 2026
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker...
Moderate
Unreviewed
CVE-2026-40460
was published
May 13, 2026
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint...
Moderate
Unreviewed
CVE-2026-41954
was published
May 13, 2026
A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource...
Moderate
Unreviewed
CVE-2026-42063
was published
May 13, 2026
An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an...
Moderate
Unreviewed
CVE-2026-42058
was published
May 13, 2026
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the...
Moderate
Unreviewed
CVE-2026-40701
was published
May 13, 2026
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as...
Moderate
Unreviewed
CVE-2026-31156
was published
May 13, 2026
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access...
Moderate
Unreviewed
CVE-2026-36738
was published
May 13, 2026
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when...
Moderate
Unreviewed
CVE-2026-36742
was published
May 13, 2026
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed...
Moderate
Unreviewed
CVE-2026-24464
was published
May 13, 2026
When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST...
Moderate
Unreviewed
CVE-2026-28758
was published
May 13, 2026
ProTip! Advisories are also available from the GraphQL API.