GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
162 advisories
Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark
Critical | CVE-2026-45058 was published for electerm (npm) | May 14, 2026

apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)
High | CVE-2026-42575 was published for chainguard.dev/apko (Go) | May 4, 2026

Ollama for Windows does not perform integrity or authenticity verification of downloaded update...
High | Unreviewed | CVE-2026-42248 was published | Apr 29, 2026

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The ...
High | Unreviewed | CVE-2026-40066 was published | Apr 17, 2026

Axios npm Supply Chain Incident Impacting @usebruno/cli
Critical | CVE-2026-34841 was published for @usebruno/cli (npm) | Apr 2, 2026

TrueConf Client downloads application update code and applies it without performing verification....
High | Unreviewed | CVE-2026-3502 was published | Mar 30, 2026

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
High | CVE-2026-28500 was published for onnx (pip) | Mar 16, 2026

An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver...
Moderate | Unreviewed | CVE-2026-1878 was published | Mar 12, 2026

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability,...
Critical | Unreviewed | CVE-2026-3000 was published | Mar 2, 2026

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability,...
Critical | Unreviewed | CVE-2026-2999 was published | Mar 2, 2026

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows...
Moderate | Unreviewed | CVE-2025-47904 was published | Feb 24, 2026

MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution...
Critical | Unreviewed | CVE-2026-27180 was published | Feb 19, 2026

The firmware update functionality does not verify the authenticity of the supplied firmware...
Moderate | Unreviewed | CVE-2025-15575 was published | Feb 12, 2026

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco...
Moderate | Unreviewed | CVE-2026-20056 was published | Feb 4, 2026

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity...
High | Unreviewed | CVE-2025-15556 was published | Feb 3, 2026

pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies
High | CVE-2025-69263 was published for pnpm (npm) | Jan 7, 2026

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before...
High | Unreviewed | CVE-2025-55310 was published | Dec 11, 2025

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within...
Critical | Unreviewed | CVE-2025-14265 was published | Dec 11, 2025

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of...
Low | Unreviewed | CVE-2025-66331 was published | Dec 8, 2025

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of...
Low | Unreviewed | CVE-2025-66333 was published | Dec 8, 2025

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of...
Low | Unreviewed | CVE-2025-66332 was published | Dec 8, 2025

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of...
Low | Unreviewed | CVE-2025-66334 was published | Dec 8, 2025

An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute...
High | Unreviewed | CVE-2025-61228 was published | Dec 1, 2025

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure...
High | Unreviewed | CVE-2025-63434 was published | Nov 24, 2025

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance...
Moderate | Unreviewed | CVE-2025-40604 was published | Nov 20, 2025