GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
288 advisories
Filter by severity
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based)...
Moderate
Unreviewed
CVE-2026-33119
was published
Apr 11, 2026
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote...
Moderate
Unreviewed
CVE-2026-5895
was published
Apr 9, 2026
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a...
Moderate
Unreviewed
CVE-2026-5891
was published
Apr 9, 2026
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote...
Moderate
Unreviewed
CVE-2026-5898
was published
Apr 9, 2026
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote...
Moderate
Unreviewed
CVE-2026-5897
was published
Apr 9, 2026
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a...
Moderate
Unreviewed
CVE-2026-5905
was published
Apr 9, 2026
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a...
Moderate
Unreviewed
CVE-2026-5906
was published
Apr 9, 2026
Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker...
Moderate
Unreviewed
CVE-2026-5878
was published
Apr 9, 2026
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a...
Moderate
Unreviewed
CVE-2026-5880
was published
Apr 9, 2026
Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote...
Moderate
Unreviewed
CVE-2026-5882
was published
Apr 9, 2026
Duplicate Advisory: OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv
High
GHSA-w8rf-7qf8-65ww
was published
for
openclaw
(npm)
Mar 31, 2026
•
withdrawn
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
Moderate
Unreviewed
CVE-2026-3889
was published
Mar 24, 2026
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Moderate
Unreviewed
CVE-2026-0385
was published
Mar 16, 2026
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a...
Moderate
Unreviewed
CVE-2026-3942
was published
Mar 12, 2026
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a...
Moderate
Unreviewed
CVE-2026-3927
was published
Mar 12, 2026
Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71...
Moderate
Unreviewed
CVE-2026-3925
was published
Mar 12, 2026
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an...
Moderate
Unreviewed
CVE-2026-3928
was published
Mar 12, 2026
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a...
Moderate
Unreviewed
CVE-2026-3937
was published
Mar 12, 2026
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote...
Moderate
Unreviewed
CVE-2026-3935
was published
Mar 12, 2026
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus...
Moderate
Unreviewed
CVE-2026-2919
was published
Mar 9, 2026
Malicious scripts could cause desynchronization between the address bar and web content before a...
Critical
Unreviewed
CVE-2026-2634
was published
Feb 24, 2026
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™...
Moderate
Unreviewed
CVE-2026-1658
was published
Feb 20, 2026
OpenClaw macOS deep link confirmation truncation can conceal executed agent message
High
CVE-2026-26320
was published
for
openclaw
(npm)
Feb 17, 2026
Malicious scripts that interrupt new tab page loading could cause desynchronization between the...
Moderate
Unreviewed
CVE-2026-2032
was published
Feb 16, 2026
Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a...
Moderate
Unreviewed
CVE-2026-2323
was published
Feb 11, 2026
ProTip!
Advisories are also available from the
GraphQL API