GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,169
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
12,742 advisories
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function...
Low | Unreviewed | CVE-2026-13482 was published Jun 28, 2026
Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a...
Low | Unreviewed | CVE-2026-58057 was published Jun 28, 2026
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute...
Low | Unreviewed | CVE-2023-20540 was published Jun 26, 2026
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly...
Low | Unreviewed | CVE-2026-3472 was published Jun 26, 2026
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import...
Low | Unreviewed | CVE-2026-57940 was published Jun 26, 2026
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype...
Low | Unreviewed | CVE-2026-57926 was published Jun 26, 2026
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
Low | Unreviewed | CVE-2026-57922 was published Jun 26, 2026
A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket...
Low | Unreviewed | CVE-2026-48936 was published Jun 26, 2026
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was...
Low | Unreviewed | CVE-2026-48935 was published Jun 26, 2026
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest...
Low | Unreviewed | CVE-2026-13322 was published Jun 26, 2026
When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt...
Low | Unreviewed | CVE-2026-6092 was published Jun 26, 2026
Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms...
Low | Unreviewed | CVE-2026-6325 was published Jun 26, 2026
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted...
Low | Unreviewed | CVE-2026-6331 was published Jun 26, 2026
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1...
Low | Unreviewed | CVE-2026-6412 was published Jun 25, 2026
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not...
Low | Unreviewed | CVE-2026-6450 was published Jun 25, 2026
The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing...
Low | Unreviewed | CVE-2026-6681 was published Jun 25, 2026
Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to...
Low | Unreviewed | CVE-2026-6678 was published Jun 25, 2026
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026...
Low | Unreviewed | CVE-2026-7531 was published Jun 25, 2026
Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in...
Low | Unreviewed | CVE-2026-57522 was published Jun 25, 2026
The X25519 x86_64 assembly implementation fails to clear the most significant bit during the...
Low | Unreviewed | CVE-2026-10512 was published Jun 25, 2026
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were...
Low | Unreviewed | CVE-2026-55967 was published Jun 25, 2026
A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose ...
Low | Unreviewed | CVE-2026-48940 was published Jun 25, 2026
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Low | Unreviewed | CVE-2026-13314 was published Jun 25, 2026
Content injected to PDF rendering contexts could, in many places, include HTML content including ...
Low | Unreviewed | CVE-2026-57535 was published Jun 25, 2026
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file...
Low | Unreviewed | CVE-2026-57588 was published Jun 25, 2026
ProTip! Advisories are also available from the GraphQL API.