Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

125,465 advisories

Loading
Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to... High Unreviewed
CVE-2026-8518 was published May 14, 2026
Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker... High Unreviewed
CVE-2026-8521 was published May 14, 2026
Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote... High Unreviewed
CVE-2026-8522 was published May 14, 2026
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to... High Unreviewed
CVE-2026-8540 was published May 14, 2026
Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker... High Unreviewed
CVE-2026-8529 was published May 14, 2026
Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to... High Unreviewed
CVE-2026-8532 was published May 14, 2026
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to... High Unreviewed
CVE-2026-8544 was published May 14, 2026
Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168... High Unreviewed
CVE-2026-8547 was published May 14, 2026
Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote... High Unreviewed
CVE-2026-8555 was published May 14, 2026
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to... High Unreviewed
CVE-2026-8549 was published May 14, 2026
Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker... High Unreviewed
CVE-2026-8551 was published May 14, 2026
Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable... High Unreviewed
CVE-2026-3290 was published May 14, 2026
Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker... High Unreviewed
CVE-2026-8509 was published May 14, 2026
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a... High Unreviewed
CVE-2026-8517 was published May 14, 2026
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin... High Unreviewed
CVE-2026-8621 was published May 14, 2026
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard... High Unreviewed
CVE-2026-33377 was published May 13, 2026
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang... High Unreviewed
CVE-2026-37430 was published May 13, 2026
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter... High Unreviewed
CVE-2026-43291 was published May 8, 2026
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of... High Unreviewed
CVE-2018-6400 was published May 13, 2022
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover High
CVE-2026-46480 was published for flowise (npm) May 14, 2026
offset Credited to offset
FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover High
CVE-2026-46479 was published for flowise (npm) May 14, 2026
offset Credited to offset
FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover High
CVE-2026-46478 was published for flowise (npm) May 14, 2026
offset Credited to offset
FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover High
CVE-2026-46477 was published for flowise (npm) May 14, 2026
offset Credited to offset
FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover High
CVE-2026-46476 was published for flowise (npm) May 14, 2026
offset Credited to offset
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @ranfdev/deepobj High
CVE-2026-46509 was published for @ranfdev/deepobj (npm) May 14, 2026
0xBassia Credited to 0xBassia
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database