GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
30,224 advisories
An administrative user with access to configure webhooks can execute arbitrary commands by...
Critical | Unreviewed | CVE-2026-8431 was published May 12, 2026

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira &...
Critical | Unreviewed | CVE-2026-41103 was published May 12, 2026

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code...
Critical | Unreviewed | CVE-2026-41089 was published May 12, 2026

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute...
Critical | Unreviewed | CVE-2026-41096 was published May 12, 2026

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator...
Critical | Unreviewed | CVE-2026-44277 was published May 12, 2026

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges...
Critical | Unreviewed | CVE-2026-42823 was published May 12, 2026

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an...
Critical | Unreviewed | CVE-2026-42833 was published May 12, 2026

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises)...
Critical | Unreviewed | CVE-2026-42898 was published May 12, 2026

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Critical | Unreviewed | CVE-2026-40402 was published May 12, 2026

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an...
Critical | Unreviewed | CVE-2026-40379 was published May 12, 2026

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature...
Critical | Unreviewed | CVE-2026-33117 was published May 12, 2026

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox...
Critical | Unreviewed | CVE-2026-26083 was published May 12, 2026

Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before...
Critical | Unreviewed | CVE-2026-20794 was published May 12, 2026

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API...
Critical | Unreviewed | CVE-2026-30805 was published May 12, 2026

query-parser-string is vulnerable to Prototype Pollution
Critical | CVE-2025-63704 was published for query-string-parser (npm) | May 7, 2026

next-npm-version is vulnerable to Command injection
Critical | CVE-2025-63706 was published for @jswork/next-npm-version (npm) | May 7, 2026

parse-ini is vulnerable to Prototype Pollution in index.js()
Critical | CVE-2025-63703 was published for parse-ini (npm) | May 7, 2026

OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input
Critical | CVE-2026-42074 was published for openclaude (npm) | May 12, 2026

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied...
Critical | Unreviewed | CVE-2026-38567 was published May 11, 2026

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability...
Critical | Unreviewed | CVE-2026-24858 was published Jan 27, 2026

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote...
Critical | Unreviewed | CVE-2026-8043 was published May 12, 2026

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal)...
Critical | Unreviewed | CVE-2026-0300 was published May 6, 2026

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads...
Critical | Unreviewed | CVE-2026-31789 was published Apr 8, 2026

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML...
Critical | Unreviewed | CVE-2025-49796 was published Jun 16, 2025

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath...
Critical | Unreviewed | CVE-2025-49794 was published Jun 16, 2025
ProTip! Advisories are also available from the GraphQL API.