GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,112
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,417
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
1,146 advisories
parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change
GHSA-97pr-9hgg-3p8r (Low) was published for parse-server (npm) on Jun 19, 2026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA...
CVE-2026-46977 (Low, Unreviewed) was published on Jun 17, 2026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
CVE-2026-46874 (Low, Unreviewed) was published on Jun 17, 2026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA...
CVE-2026-46816 (Low, Unreviewed) was published on Jun 17, 2026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA...
CVE-2026-46815 (Low, Unreviewed) was published on Jun 17, 2026

Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`
GHSA-rq7w-g337-39qq (Low) was published for nuxt (npm) on Jun 15, 2026

@babel/core: Arbitrary File Read via sourceMappingURL Comment
CVE-2026-49356 (Low) was published for @babel/core (npm) on Jun 15, 2026

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the...
CVE-2026-11464 (Low, Unreviewed) was published on Jun 8, 2026

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an...
CVE-2026-11459 (Low, Unreviewed) was published on Jun 7, 2026

Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed...
CVE-2026-9991 (Low, Unreviewed) was published on May 29, 2026

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote...
CVE-2026-10011 (Low, Unreviewed) was published on May 29, 2026

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive...
CVE-2026-9583 (Low, Unreviewed) was published on May 26, 2026

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or...
CVE-2025-31985 (Low, Unreviewed) was published on May 20, 2026

Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
CVE-2026-45739 (Low) was published for strawberry-graphql (pip) on May 19, 2026

OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
CVE-2026-45683 (Low) was published for go.opentelemetry.io/obi (Go) on May 18, 2026

@kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-8766 (Low) was published for @kilocode/cli (npm) on May 18, 2026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation...
CVE-2026-5266 (Low, Unreviewed) was published on May 11, 2026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation...
CVE-2026-34093 (Low, Unreviewed) was published on May 11, 2026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation...
CVE-2026-34088 (Low, Unreviewed) was published on May 11, 2026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation...
CVE-2026-34092 (Low, Unreviewed) was published on May 11, 2026

rpassword affected by partial password reveal when input is interrupted
GHSA-2p6r-x3vv-xqm2 (Low) was published for rpassword (Rust) on May 6, 2026

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify...
CVE-2026-8028 (Low, Unreviewed) was published on May 6, 2026

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue...
CVE-2025-31975 (Low, Unreviewed) was published on May 6, 2026

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or...
CVE-2025-31984 (Low, Unreviewed) was published on May 6, 2026

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but...
CVE-2025-31982 (Low, Unreviewed) was published on May 6, 2026
ProTip! Advisories are also available from the GraphQL API.