GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31,885 advisories
Filter by severity
The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately...
Critical
Unreviewed
CVE-2026-15422
was published
Jul 16, 2026
WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one...
Critical
Unreviewed
CVE-2026-63089
was published
Jul 16, 2026
Pheditor: Hardcoded default password 'admin' with no forced change enables full application compromise
Critical
CVE-2026-55579
was published
for
pheditor/pheditor
(Composer)
Jul 16, 2026
Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure
Critical
CVE-2026-53713
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
gree/jose - "None" Algorithm treated as valid in tokens
Critical
GHSA-9gxv-x7rp-r2hc
was published
for
gree/jose
(Composer)
May 15, 2024
Pegatron `Tdelo64.sys` improperly exposes privileged hardware access functionality through the `\...
Critical
Unreviewed
CVE-2026-14960
was published
Jul 15, 2026
Buffer Overflow vulnerability in Tenda AC10 v3 (firmware V03.03.16.09) allows attackers to cause...
Critical
Unreviewed
CVE-2026-51380
was published
Jul 15, 2026
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding...
Critical
Unreviewed
CVE-2026-10840
was published
Jun 4, 2026
A improper neutralization of special elements used in an os command ('os command injection')...
Critical
Unreviewed
CVE-2026-25089
was published
Jun 9, 2026
A improper neutralization of special elements used in an os command ('os command injection')...
Critical
Unreviewed
CVE-2026-39808
was published
Apr 14, 2026
Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerability that allows...
Critical
Unreviewed
CVE-2026-63087
was published
Jul 16, 2026
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one...
Critical
Unreviewed
CVE-2026-12492
was published
Jul 16, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker...
Critical
Unreviewed
CVE-2026-58644
was published
Jul 14, 2026
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server...
Critical
Unreviewed
CVE-2026-30618
was published
Jul 16, 2026
LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation...
Critical
Unreviewed
CVE-2026-30623
was published
Jul 16, 2026
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in...
Critical
Unreviewed
CVE-2026-63306
was published
Jul 16, 2026
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly...
Critical
Unreviewed
CVE-2026-11386
was published
Jul 16, 2026
AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php...
Critical
Unreviewed
CVE-2026-63305
was published
Jul 16, 2026
AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone...
Critical
Unreviewed
CVE-2026-63304
was published
Jul 16, 2026
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is...
Critical
Unreviewed
CVE-2026-42530
was published
Jun 17, 2026
An unauthenticated remote attacker is able to perform remote code execution due to incorrectly...
Critical
Unreviewed
CVE-2023-49900
was published
Jul 16, 2026
An unauthenticated remote attacker can execute any command on the affected device due to not...
Critical
Unreviewed
CVE-2023-49899
was published
Jul 16, 2026
Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may...
Critical
Unreviewed
CVE-2026-15925
was published
Jul 16, 2026
Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization...
Critical
Unreviewed
CVE-2026-22752
was published
Jul 16, 2026
A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an...
Critical
Unreviewed
CVE-2026-14544
was published
Jul 3, 2026
ProTip!
Advisories are also available from the
GraphQL API