Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

4,133 advisories

Loading
In multiple functions of AppOpsService.java, there is a possible missing permission check due to... Low Unreviewed
CVE-2026-28586 was published Jun 2, 2026
In handleBondStateChanged of AdapterService.java, there is a possible sensitive information... Low Unreviewed
CVE-2026-0050 was published Jun 2, 2026
In multiple locations, there is a possible way to execute code in the launcher process due to an... High Unreviewed
CVE-2026-0091 was published Jun 2, 2026
In multiple functions of PackageInstallerService.java, there is a possible way to install... High Unreviewed
CVE-2026-0089 was published Jun 2, 2026
In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to... Low Unreviewed
CVE-2026-0016 was published Jun 2, 2026
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} High
CVE-2026-47412 was published for praisonai-platform (pip) Jun 1, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members Critical
CVE-2026-47413 was published for praisonai-platform (pip) Jun 1, 2026
praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id} Moderate
CVE-2026-47411 was published for praisonai-platform (pip) Jun 1, 2026
The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is... High Unreviewed
CVE-2026-7465 was published May 30, 2026
praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} Critical
CVE-2026-47416 was published for praisonai-platform (pip) May 29, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role High
CVE-2026-47409 was published for praisonai-platform (pip) May 29, 2026
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation Critical
CVE-2026-47407 was published for praisonai-platform (pip) May 29, 2026
spbavarva Credited to spbavarva
Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a... High Unreviewed
CVE-2026-9999 was published May 29, 2026
Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote... Critical Unreviewed
CVE-2026-9918 was published May 29, 2026
Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed... High Unreviewed
CVE-2026-9892 was published May 29, 2026
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2026-8809 was published May 29, 2026
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service... High Unreviewed
CVE-2026-46827 was published May 28, 2026
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component:... High Unreviewed
CVE-2026-46837 was published May 28, 2026
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File... Critical Unreviewed
CVE-2026-46817 was published May 28, 2026
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component:... Critical Unreviewed
CVE-2026-46824 was published May 28, 2026
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An... Critical Unreviewed
CVE-2026-8980 was published May 28, 2026
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege... High Unreviewed
CVE-2026-6226 was published May 28, 2026
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. Low Unreviewed
CVE-2026-33552 was published May 27, 2026
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method... Moderate Unreviewed
CVE-2026-48923 was published May 27, 2026
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in... Moderate Unreviewed
CVE-2026-48926 was published May 27, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database