GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 15,098
Composer 2,891
Erlang 24
GitHub Actions 39
Go 2,240
Maven 2,698
npm 2,899
NuGet 500
pip 2,728
Pub 5
RubyGems 364
Rust 889
Swift 19

Unreviewed advisories

All unreviewed 139,981

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

98 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted... Moderate Unreviewed

CVE-2026-41469 was published Apr 22, 2026

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... Moderate Unreviewed

CVE-2026-22013 was published Apr 21, 2026

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150. Moderate Unreviewed

CVE-2026-6774 was published Apr 21, 2026

Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150 and... Moderate Unreviewed

CVE-2026-6763 was published Apr 21, 2026

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing... Moderate Unreviewed

CVE-2026-32202 was published Apr 14, 2026

Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker... Moderate Unreviewed

CVE-2026-5911 was published Apr 9, 2026

Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who... Moderate Unreviewed

CVE-2026-5896 was published Apr 9, 2026

Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to... Moderate Unreviewed

CVE-2026-5900 was published Apr 9, 2026

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker... Moderate Unreviewed

CVE-2026-5903 was published Apr 9, 2026

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a... Moderate Unreviewed

CVE-2026-5276 was published Apr 1, 2026

This issue was addressed through improved state management. This issue is fixed in Safari 26.4,... Moderate Unreviewed

CVE-2026-20665 was published Mar 25, 2026

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed... Moderate Unreviewed

CVE-2025-52643 was published Mar 16, 2026

The CGM CLININET application respond without essential security HTTP headers, exposing users to... Moderate Unreviewed

CVE-2025-58406 was published Mar 2, 2026

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP... Moderate Unreviewed

CVE-2026-0620 was published Feb 3, 2026

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for... Moderate Unreviewed

CVE-2026-1232 was published Feb 2, 2026

Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to... Moderate Unreviewed

CVE-2026-20824 was published Jan 13, 2026

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip... Moderate Unreviewed

CVE-2025-15422 was published Jan 2, 2026

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal ... Moderate Unreviewed

CVE-2025-59849 was published Dec 17, 2025

The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism... Moderate Unreviewed

CVE-2025-34412 was published Dec 15, 2025

In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the... Moderate Unreviewed

CVE-2025-36938 was published Dec 11, 2025

Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass... Moderate Unreviewed

CVE-2025-29864 was published Dec 3, 2025

The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass... Moderate Unreviewed

CVE-2025-11260 was published Nov 13, 2025

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an... Moderate Unreviewed

CVE-2025-62453 was published Nov 11, 2025

Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Moderate Unreviewed

CVE-2025-24834 was published Nov 11, 2025

Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Moderate Unreviewed

CVE-2025-24848 was published Nov 11, 2025

Previous1…4 Next

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

98 advisories