GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
158,245 advisories
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain...
Moderate | Unreviewed | CVE-2026-8570 was published May 14, 2026

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778...
Moderate | Unreviewed | CVE-2026-8528 was published May 14, 2026

Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168...
Moderate | Unreviewed | CVE-2026-8537 was published May 14, 2026

Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168...
Moderate | Unreviewed | CVE-2026-8538 was published May 14, 2026

Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who...
Moderate | Unreviewed | CVE-2026-8541 was published May 14, 2026

Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168...
Moderate | Unreviewed | CVE-2026-8535 was published May 14, 2026

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a...
Moderate | Unreviewed | CVE-2026-8539 was published May 14, 2026

Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote...
Moderate | Unreviewed | CVE-2026-8543 was published May 14, 2026

Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a...
Moderate | Unreviewed | CVE-2026-8546 was published May 14, 2026

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker...
Moderate | Unreviewed | CVE-2026-8550 was published May 14, 2026

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778...
Moderate | Unreviewed | CVE-2026-8516 was published May 14, 2026

Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Cleartext Transmission of...
Moderate | Unreviewed | CVE-2026-38740 was published May 14, 2026
@utcp/http: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol
Moderate | CVE-2026-45366 was published for @utcp/http (npm) May 14, 2026

slack-go `SecretsVerifier` accepts empty signing secret without precondition
Moderate | GHSA-gxhx-2686-5h9g was published for github.com/slack-go/slack (Go) May 14, 2026

Svelte: SSR XSS via Insecure Promise Serialization in hydratable
Moderate | GHSA-f3cj-j4f6-wq85 was published for svelte (npm) May 14, 2026

electerm's encrypt method not safe enough
Moderate | CVE-2026-45787 was published for electerm (npm) May 14, 2026

Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
Moderate | CVE-2026-42573 was published for svelte (npm) May 14, 2026

Svelte: ReDoS in `<svelte:element>` Tag Validation
Moderate | CVE-2026-42567 was published for svelte (npm) May 14, 2026

Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
Moderate | CVE-2026-45667 was published for open-webui (pip) May 14, 2026

Open WebUI has an Indirect Object Reference (IDOR) in user notes
Moderate | CVE-2026-45666 was published for open-webui (pip) May 14, 2026

Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure
Moderate | CVE-2026-45397 was published for open-webui (pip) May 14, 2026

Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation
Moderate | CVE-2026-45396 was published for open-webui (pip) May 14, 2026

Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)
Moderate | CVE-2026-45387 was published for open-webui (pip) May 14, 2026

Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint
Moderate | CVE-2026-45386 was published for open-webui (pip) May 14, 2026

Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint
Moderate | CVE-2026-45385 was published for open-webui (pip) May 14, 2026