GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
164,177 advisories
Filter by severity
Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header
Moderate
CVE-2026-53717
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization
Moderate
CVE-2026-53719
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit
Moderate
CVE-2026-53716
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
Envoy Gateway custom backendRef cross-namespace ReferenceGrant bypass
Moderate
CVE-2026-53718
was published
for
github.com/envoyproxy/gateway
(Go)
Jul 16, 2026
kumactl connects to control plane without verifying TLS certificate when no CA is configured
Moderate
CVE-2026-50166
was published
for
github.com/kumahq/kuma
(Go)
Jul 16, 2026
A flaw was found in the group search functionality of the Keycloak server's administrative API....
Moderate
Unreviewed
CVE-2026-15945
was published
Jul 16, 2026
text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF)...
Moderate
Unreviewed
CVE-2026-63086
was published
Jul 16, 2026
During an internal security assessment, a potential improper access control vulnerability was...
Moderate
Unreviewed
CVE-2026-6511
was published
Jul 16, 2026
A potential missing authentication vulnerability could allow a local privileged attacker to use...
Moderate
Unreviewed
CVE-2026-10590
was published
Jul 16, 2026
A potential vulnerability could allow a local privileged attacker to disclose the address of...
Moderate
Unreviewed
CVE-2026-10588
was published
Jul 16, 2026
A potential out of bounds write vulnerability could allow a local privileged attacker to execute...
Moderate
Unreviewed
CVE-2026-10589
was published
Jul 16, 2026
A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify...
Moderate
Unreviewed
CVE-2026-10587
was published
Jul 16, 2026
Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site...
Moderate
Unreviewed
CVE-2026-63081
was published
Jul 16, 2026
Perfect Support Ticketing & Document Management System through 1.7 contains a broken access...
Moderate
Unreviewed
CVE-2026-63082
was published
Jul 16, 2026
An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation...
Moderate
Unreviewed
CVE-2026-12379
was published
Jul 16, 2026
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application...
Moderate
Unreviewed
CVE-2026-56456
was published
Jul 16, 2026
Authorization Bypass Through User-Controlled Key (CWE-639) in the Order and OrderItem REST API...
Moderate
Unreviewed
CVE-2026-59237
was published
Jul 16, 2026
HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and...
Moderate
Unreviewed
CVE-2026-56454
was published
Jul 16, 2026
HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of...
Moderate
Unreviewed
CVE-2026-56455
was published
Jul 16, 2026
HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A...
Moderate
Unreviewed
CVE-2026-56453
was published
Jul 16, 2026
An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly...
Moderate
Unreviewed
CVE-2026-12391
was published
Jul 16, 2026
An information disclosure vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu...
Moderate
Unreviewed
CVE-2026-9494
was published
Jul 16, 2026
stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite...
Moderate
Unreviewed
CVE-2024-58360
was published
Jul 16, 2026
HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states...
Moderate
Unreviewed
CVE-2026-35148
was published
Jul 16, 2026
HCL DFXServer is affected by an Unencrypted Communication vulnerability. The application permits...
Moderate
Unreviewed
CVE-2026-35146
was published
Jul 16, 2026
ProTip!
Advisories are also available from the
GraphQL API