Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

4,133 advisories

Loading
In multiple functions of AppOpsService.java, there is a possible missing permission check due to... Low Unreviewed
CVE-2026-28586 was published Jun 2, 2026
In handleBondStateChanged of AdapterService.java, there is a possible sensitive information... Low Unreviewed
CVE-2026-0050 was published Jun 2, 2026
In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to... Low Unreviewed
CVE-2026-0016 was published Jun 2, 2026
In multiple locations, there is a possible way to execute code in the launcher process due to an... High Unreviewed
CVE-2026-0091 was published Jun 2, 2026
In multiple functions of PackageInstallerService.java, there is a possible way to install... High Unreviewed
CVE-2026-0089 was published Jun 2, 2026
praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} High
CVE-2026-47412 was published for praisonai-platform (pip) Jun 1, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members Critical
CVE-2026-47413 was published for praisonai-platform (pip) Jun 1, 2026
praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id} Moderate
CVE-2026-47411 was published for praisonai-platform (pip) Jun 1, 2026
Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read High
CVE-2026-46617 was published for github.com/fission/fission (Go) May 21, 2026
FORIMOC Credited to FORIMOC, Yuremin, and sanketsudake Yuremin Yuremin
sanketsudake sanketsudake
phpMyFAQ: IDOR Account Takeover High
CVE-2026-35671 was published for phpmyfaq/phpmyfaq (Composer) May 20, 2026
cyberHunter127 Credited to cyberHunter127
The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is... High Unreviewed
CVE-2026-7465 was published May 30, 2026
praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} Critical
CVE-2026-47416 was published for praisonai-platform (pip) May 29, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role High
CVE-2026-47409 was published for praisonai-platform (pip) May 29, 2026
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation Critical
CVE-2026-47407 was published for praisonai-platform (pip) May 29, 2026
spbavarva Credited to spbavarva
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain... High Unreviewed
CVE-2016-10010 was published May 14, 2022
Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed... High Unreviewed
CVE-2026-9892 was published May 29, 2026
Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a... High Unreviewed
CVE-2026-9999 was published May 29, 2026
Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote... Critical Unreviewed
CVE-2026-9918 was published May 29, 2026
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File... Critical Unreviewed
CVE-2026-46817 was published May 28, 2026
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service... High Unreviewed
CVE-2026-46827 was published May 28, 2026
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component:... Critical Unreviewed
CVE-2026-46824 was published May 28, 2026
Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component:... High Unreviewed
CVE-2026-46837 was published May 28, 2026
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2026-8809 was published May 29, 2026
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as... Low Unreviewed
CVE-2020-15368 was published May 24, 2022
An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions:... High Unreviewed
CVE-2017-13165 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database