GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
164,150 advisories
Filter by severity
OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox...
Moderate
Unreviewed
CVE-2026-62201
was published
Jul 17, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Windows...
Moderate
Unreviewed
CVE-2026-58643
was published
Jul 17, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft...
Moderate
Unreviewed
CVE-2026-62826
was published
Jul 17, 2026
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-14782
was published
Jul 17, 2026
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor...
Moderate
Unreviewed
CVE-2026-13713
was published
Jul 17, 2026
An out-of-bounds read vulnerability in the Productivity Suite allows a
local attacker to trigger...
Moderate
Unreviewed
CVE-2026-57896
was published
Jul 16, 2026
An out-of-bounds read in the Productivity Suite allows a physical
attacker to control the length...
Moderate
Unreviewed
CVE-2026-60073
was published
Jul 16, 2026
A divide-by-zero vulnerability in the Productivity Suite allows a local
attacker to cause a...
Moderate
Unreviewed
CVE-2026-61378
was published
Jul 16, 2026
An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote...
Moderate
Unreviewed
CVE-2024-32385
was published
Jul 16, 2026
An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote...
Moderate
Unreviewed
CVE-2024-32387
was published
Jul 16, 2026
A time-of-check to time-of-use (TOCTOU) flaw in the illumos data-link pseudo-driver (dld) affects...
Moderate
Unreviewed
CVE-2026-15449
was published
Jul 16, 2026
An issue in OPSWAT AppRemover Driver (ardrv.sys) v2017.10.02.1551 and earlier in IOCTL handler...
Moderate
Unreviewed
CVE-2026-36425
was published
Jul 16, 2026
An out-of-bounds read vulnerability in the Productivity Suite allows a
local attacker to trigger...
Moderate
Unreviewed
CVE-2026-60140
was published
Jul 16, 2026
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to...
Moderate
Unreviewed
CVE-2026-47089
was published
Jul 16, 2026
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can...
Moderate
Unreviewed
CVE-2026-47085
was published
Jul 16, 2026
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command...
Moderate
Unreviewed
CVE-2026-47084
was published
Jul 16, 2026
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross...
Moderate
Unreviewed
CVE-2026-47083
was published
Jul 16, 2026
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature...
Moderate
Unreviewed
CVE-2026-47082
was published
Jul 16, 2026
kuma-dp connects to control plane without verifying TLS certificate when no CA is configured
Moderate
CVE-2026-52724
was published
for
github.com/kumahq/kuma
(Go)
Jul 16, 2026
Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container
Moderate
CVE-2026-52832
was published
for
github.com/nuclio/nuclio
(Go)
Jul 16, 2026
Diesel has possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`
Moderate
GHSA-ggxf-9f6j-w742
was published
for
diesel
(Rust)
Jul 16, 2026
Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock
Moderate
CVE-2026-53715
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header
Moderate
CVE-2026-53717
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization
Moderate
CVE-2026-53719
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit
Moderate
CVE-2026-53716
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
ProTip!
Advisories are also available from the
GraphQL API