GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
14,305 advisories
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had...
Low | Unreviewed | CVE-2026-8553 was published May 14, 2026

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP...
Low | Unreviewed | CVE-2026-27680 was published May 14, 2026

Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
Low | CVE-2026-45316 was published for open-webui (pip) May 14, 2026

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of...
Low | Unreviewed | CVE-2026-6923 was published May 14, 2026

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain...
Low | Unreviewed | CVE-2025-62309 was published May 14, 2026

HCL AION is affected by a vulnerability where sensitive information may be included in URL...
Low | Unreviewed | CVE-2025-62317 was published May 14, 2026

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are...
Low | Unreviewed | CVE-2025-62316 was published May 14, 2026

HCL AION is affected by a vulnerability where basic authorization tokens are used for...
Low | Unreviewed | CVE-2025-62312 was published May 14, 2026

dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction
Low | CVE-2026-44970 was published for dbt-mcp (pip) May 14, 2026

dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled
Low | CVE-2026-44969 was published for dbt-mcp (pip) May 14, 2026

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows...
Low | Unreviewed | CVE-2026-6638 was published May 14, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10...
Low | Unreviewed | CVE-2026-6883 was published May 14, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10...
Low | Unreviewed | CVE-2026-7471 was published May 14, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18...
Low | Unreviewed | CVE-2026-2900 was published May 14, 2026

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA...
Low | Unreviewed | CVE-2026-33585 was published May 13, 2026

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an...
Low | Unreviewed | CVE-2026-30904 was published May 13, 2026

A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject...
Low | Unreviewed | CVE-2026-0238 was published May 13, 2026

Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
Low | CVE-2026-22706 was published for @strapi/admin (npm) May 13, 2026

Astro: Server island encrypted parameters vulnerable to cross-component replay
Low | CVE-2026-45028 was published for astro (npm) May 13, 2026

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and...
Low | Unreviewed | CVE-2026-34685 was published May 12, 2026

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through...
Low | Unreviewed | CVE-2026-44278 was published May 12, 2026

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This...
Low | Unreviewed | CVE-2026-43514 was published May 12, 2026

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl...
Low | Unreviewed | CVE-2026-40020 was published May 12, 2026

The application does not impose strict enough restrictions on directory access permissions,...
Low | Unreviewed | CVE-2026-32684 was published May 12, 2026

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically...
Low | Unreviewed | CVE-2026-40131 was published May 12, 2026

ProTip! Advisories are also available from the GraphQL API.