GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,115
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,417
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
12,495 advisories
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197...
Moderate | Unreviewed | CVE-2026-13024 was published Jun 24, 2026

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had...
High | Unreviewed | CVE-2026-13025 was published Jun 24, 2026

OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering
Moderate | CVE-2026-53541 was published for github.com/OliveTin/OliveTin (Go) Jun 24, 2026

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI ...
Critical | Unreviewed | CVE-2026-12537 was published Jun 24, 2026

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and...
High | Unreviewed | CVE-2026-13006 was published Jun 24, 2026

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(),...
Moderate | Unreviewed | CVE-2026-56762 was published Jun 23, 2026

Gogs has the ability to import local repositories via Mirror Settings
High | CVE-2026-52801 was published for gogs.io/gogs (Go) Jun 23, 2026

Inspektor Gadget: Unprivileged container can crash USDT note parser via crafted ELF (no shipped gadget affected)
Low | CVE-2026-44778 was published for github.com/inspektor-gadget/inspektor-gadget (Go) Jun 22, 2026

AVideo Vulnerable to Unauthenticated .env File Exposure via Official Docker Compose Configuration
High | CVE-2026-33692 was published for wwbn/avideo (Composer) Jun 22, 2026

OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
High | CVE-2026-21887 was published for pycti (pip) Jun 22, 2026

Gogs has a Denial of Service in repository/wiki file listing web pages
Moderate | CVE-2025-64719 was published for gogs.io/gogs (Go) Jun 22, 2026

The vulnerability is present in the ‘/addJugador’ endpoint: * The 'keyJugador' and ...
Critical | Unreviewed | CVE-2026-7165 was published Jun 22, 2026

A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0...
Low | Unreviewed | CVE-2026-12787 was published Jun 21, 2026

vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal...
High | Unreviewed | CVE-2026-56340 was published Jun 20, 2026

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in...
Low | Unreviewed | CVE-2026-56325 was published Jun 20, 2026

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in...
Moderate | Unreviewed | CVE-2026-56228 was published Jun 20, 2026

Craft Commerce: Partial Payment Amount Without Lower Bound Validation
Moderate | GHSA-78vr-q6cf-c7p6 was published for craftcms/commerce (Composer) Jun 19, 2026

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
Moderate | CVE-2026-54911 was published for ujson (pip) Jun 19, 2026

containerd CRI checkpoint restore CDI annotation smuggling
High | CVE-2026-53492 was published for github.com/containerd/containerd/v2 (Go) Jun 19, 2026

ux-live-component: Format-less date LiveProps parsed with the permissive DateTime constructor
Moderate | CVE-2026-49208 was published for symfony/ux-live-component (Composer) Jun 19, 2026

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email...
Moderate | Unreviewed | CVE-2026-21768 was published Jun 19, 2026

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of...
Moderate | Unreviewed | CVE-2026-39998 was published Jun 19, 2026

OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
Moderate | CVE-2026-53859 was published for openclaw (npm) Jun 18, 2026

Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Moderate | CVE-2026-54319 was published for github.com/daytonaio/daytona (Go) Jun 18, 2026

BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing
Low | CVE-2026-12566 was published for bbot (pip) Jun 18, 2026

ProTip! Advisories are also available from the GraphQL API.