GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31,885 advisories
Filter by severity
ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path...
Critical
Unreviewed
CVE-2026-48318
was published
Jul 14, 2026
ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command (...
Critical
Unreviewed
CVE-2026-48324
was published
Jul 14, 2026
ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege...
Critical
Unreviewed
CVE-2026-48321
was published
Jul 14, 2026
ColdFusion is affected by an Improper Input Validation vulnerability that could result in...
Critical
Unreviewed
CVE-2026-48284
was published
Jul 14, 2026
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote...
Critical
Unreviewed
CVE-2026-15773
was published
Jul 14, 2026
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ...
Critical
Unreviewed
CVE-2026-48359
was published
Jul 14, 2026
Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could...
Critical
Unreviewed
CVE-2026-48358
was published
Jul 14, 2026
Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability...
Critical
Unreviewed
CVE-2026-48356
was published
Jul 14, 2026
Adobe Experience Manager is affected by a Server-Side Request Forgery (SSRF) vulnerability that...
Critical
Unreviewed
CVE-2026-48259
was published
Jul 14, 2026
The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical
Unreviewed
CVE-2026-13001
was published
Jul 14, 2026
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance...
Critical
Unreviewed
CVE-2026-15409
was published
Jul 14, 2026
FacturaScripts: Path traversal in UploadedFile::move() via getClientOriginalName() — arbitrary file write outside MyFiles/ leading to RCE
Critical
GHSA-hgjx-r89m-m7v4
was published
for
facturascripts/facturascripts
(Composer)
Jul 14, 2026
TidGi Desktop Remote Code Execution via Malicious TiddlyWiki Repository Import — Tiddler Startup Module Auto-Execution
Critical
GHSA-9hc2-hjx8-q6pv
was published
for
tidgi
(npm)
Jul 14, 2026
n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments
Critical
CVE-2026-54052
was published
for
n8n-mcp
(npm)
Jul 14, 2026
Anyquery: Arbitrary File Write (AFW) which could lead to Remote Code Execution (RCE) via Unrestricted ATTACH DATABASE in Server Mode
Critical
CVE-2026-50006
was published
for
github.com/julien040/anyquery
(Go)
Jul 14, 2026
Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a...
Critical
Unreviewed
CVE-2026-57092
was published
Jul 14, 2026
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over...
Critical
Unreviewed
CVE-2026-56190
was published
Jul 14, 2026
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code...
Critical
Unreviewed
CVE-2026-56159
was published
Jul 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in...
Critical
Unreviewed
CVE-2026-56188
was published
Jul 14, 2026
Deserialization of untrusted data in Microsoft Dynamics NAV allows an unauthorized attacker to...
Critical
Unreviewed
CVE-2026-55944
was published
Jul 14, 2026
Weak authentication in Microsoft Office SharePoint allows an unauthorized attacker to bypass a...
Critical
Unreviewed
CVE-2026-55040
was published
Jul 14, 2026
Heap-based buffer overflow in Minecraft Bedrock Dedicated Server allows an unauthorized attacker...
Critical
Unreviewed
CVE-2026-55010
was published
Jul 14, 2026
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code...
Critical
Unreviewed
CVE-2026-50518
was published
Jul 14, 2026
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute...
Critical
Unreviewed
CVE-2026-50447
was published
Jul 14, 2026
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a...
Critical
Unreviewed
CVE-2026-50380
was published
Jul 14, 2026
ProTip!
Advisories are also available from the
GraphQL API