GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
233 advisories
Filter by severity
Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to...
Moderate
Unreviewed
CVE-2026-56277
was published
Jul 1, 2026
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-14079
was published
Jul 1, 2026
Insufficient policy enforcement in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-14039
was published
Jul 1, 2026
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-14046
was published
Jul 1, 2026
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-14053
was published
Jul 1, 2026
Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-14057
was published
Jul 1, 2026
Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-13913
was published
Jul 1, 2026
Inappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-13887
was published
Jul 1, 2026
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-13881
was published
Jul 1, 2026
Insufficient policy enforcement in Canvas in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-13840
was published
Jul 1, 2026
Inappropriate implementation in Network in Google Chrome on Android prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-13868
was published
Jul 1, 2026
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-13838
was published
Jul 1, 2026
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-13839
was published
Jul 1, 2026
Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-13822
was published
Jul 1, 2026
Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-13826
was published
Jul 1, 2026
Insufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-13793
was published
Jul 1, 2026
A cross-origin issue was addressed with improved tracking of security origins. This issue is...
Moderate
Unreviewed
CVE-2026-43700
was published
Jun 29, 2026
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a...
Moderate
Unreviewed
CVE-2026-13034
was published
Jun 24, 2026
Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0...
Moderate
Unreviewed
CVE-2026-13021
was published
Jun 24, 2026
Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a...
Moderate
Unreviewed
CVE-2026-13022
was published
Jun 24, 2026
Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request...
Moderate
Unreviewed
CVE-2026-54665
was published
Jun 22, 2026
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a...
Moderate
Unreviewed
CVE-2026-12024
was published
Jun 12, 2026
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending...
Moderate
Unreviewed
CVE-2026-44755
was published
Jun 9, 2026
Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin...
Moderate
Unreviewed
CVE-2026-43972
was published
Jun 8, 2026
sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match()...
Moderate
Unreviewed
CVE-2026-37737
was published
Jun 5, 2026
ProTip!
Advisories are also available from the
GraphQL API