GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
164,177 advisories
Filter by severity
IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 (...
Moderate
Unreviewed
CVE-2026-14979
was published
Jul 17, 2026
IBM Cognos Analytics 12.1.3 GA Version with build number through 12.1.3-2606251736 could allow an...
Moderate
Unreviewed
CVE-2026-15995
was published
Jul 17, 2026
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message...
Moderate
Unreviewed
CVE-2026-4942
was published
Jul 17, 2026
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9...
Moderate
Unreviewed
CVE-2026-4938
was published
Jul 17, 2026
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary...
Moderate
Unreviewed
CVE-2026-15069
was published
Jul 17, 2026
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to redirect users to...
Moderate
Unreviewed
CVE-2026-15093
was published
Jul 17, 2026
PocketSphinx: Buffer overflows in language and acoustic model loading code
Moderate
CVE-2026-54559
was published
for
pocketsphinx
(pip)
Jul 17, 2026
AngleSharp HTML5 Spec Compliance: mXSS via annotation-xml HTML Integration Point Bypass
Moderate
CVE-2026-54570
was published
for
AngleSharp
(NuGet)
Jul 17, 2026
Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
Moderate
CVE-2026-40966
was published
for
org.springframework.ai:spring-ai-advisors-vector-store
(Maven)
Apr 28, 2026
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Moderate
CVE-2026-22751
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 21, 2026
PRoot-Distro has Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs
Moderate
GHSA-mfr4-mq8w-vmg6
was published
for
proot-distro
(pip)
Jul 17, 2026
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes
Moderate
CVE-2026-53496
was published
for
exifreader
(npm)
Jul 17, 2026
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
Moderate
CVE-2026-54561
was published
for
mcp-memory-keeper
(npm)
Jul 17, 2026
Formie: Missing authorization in administrative settings allows low-privileged CP users to modify plugin configuration
Moderate
GHSA-cvpc-hccg-wmw4
was published
for
verbb/formie
(Composer)
Jul 17, 2026
TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard
Moderate
CVE-2026-54546
was published
for
@tak-ps/cloudtak
(npm)
Jul 17, 2026
plone.restapi: Stored XSS by spoofing mime type
Moderate
GHSA-8rqh-vxpr-x77p
was published
for
plone.restapi
(pip)
Jul 17, 2026
plone.app.textfield: Stored XSS by spoofing mime type
Moderate
CVE-2026-54503
was published
for
plone.app.textfield
(pip)
Jul 17, 2026
The NEX-Forms WordPress plugin before 9.2.3 does not sanitise and escape some submitted form...
Moderate
Unreviewed
CVE-2026-10525
was published
Jul 17, 2026
A cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment (PVE) 9.x 5.1.8 and...
Moderate
Unreviewed
CVE-2026-51081
was published
Jul 17, 2026
Incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8...
Moderate
Unreviewed
CVE-2026-51083
was published
Jul 17, 2026
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets.
The random method...
Moderate
Unreviewed
CVE-2026-13082
was published
Jul 17, 2026
A flaw was found in the admin REST API of Keycloak, a solution for identity and access management...
Moderate
Unreviewed
CVE-2026-16106
was published
Jul 17, 2026
HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing)...
Moderate
Unreviewed
CVE-2026-21760
was published
Jul 17, 2026
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context...
Moderate
Unreviewed
CVE-2026-63097
was published
Jul 17, 2026
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows...
Moderate
Unreviewed
CVE-2026-63096
was published
Jul 17, 2026
ProTip!
Advisories are also available from the
GraphQL API