GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
614 advisories

Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path...
High, Unreviewed. CVE-2026-27290 was published Apr 15, 2026

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have...
Low, Unreviewed. CVE-2026-40947 was published Apr 16, 2026

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an...
High, Unreviewed. CVE-2026-6421 was published Apr 17, 2026

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
Moderate. CVE-2026-35603 was published for @anthropic-ai/claude-code (npm) Apr 17, 2026

uutils coreutils has an Untrusted Search Path
High. CVE-2026-35368 was published for coreutils (Rust) Apr 22, 2026

A flaw was found in the OpenShift Container Platform build system. A user with the `edit`...
Moderate, Unreviewed. CVE-2026-7309 was published Apr 28, 2026

CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
Critical. CVE-2026-44477 was published for github.com/cloudnative-pg/cloudnative-pg (Go) May 11, 2026

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges...
Moderate, Unreviewed. CVE-2026-42830 was published May 12, 2026

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app...
Moderate, Unreviewed. CVE-2026-0251 was published May 13, 2026

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow...
High, Unreviewed. CVE-2026-30906 was published May 13, 2026

Algernon: handler.lua discovery walks parent directories above the server root
Critical. CVE-2026-45721 was published for github.com/xyproto/algernon (Go) May 19, 2026

Turbo: Unexpected local code execution during Yarn Berry detection
Low. CVE-2026-45772 was published for @turbo/codemod (npm) May 19, 2026

RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
Moderate. CVE-2026-45792 was published for rtk (Rust) May 20, 2026

ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
High. CVE-2026-47211 was published for ouroboros-ai (pip) May 29, 2026