GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 2,891
Erlang: 24
GitHub Actions: 39
Go: 2,240
Maven: 2,698
npm: 2,899
NuGet: 500
pip: 2,728
Pub: 5
RubyGems: 364
Rust: 889
Swift: 19
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
219 advisories
Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted...
Moderate, Unreviewed. CVE-2026-41469 was published Apr 22, 2026

Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and...
High, Unreviewed. CVE-2026-22753 was published Apr 22, 2026

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
Moderate, Unreviewed. CVE-2026-22013 was published Apr 21, 2026

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150.
Moderate, Unreviewed. CVE-2026-6774 was published Apr 21, 2026

Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150 and...
Moderate, Unreviewed. CVE-2026-6763 was published Apr 21, 2026

NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] ...
Critical, Unreviewed. CVE-2026-29649 was published Apr 20, 2026

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a...
High, Unreviewed. CVE-2026-32225 was published Apr 14, 2026

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing...
Moderate, Unreviewed. CVE-2026-32202 was published Apr 14, 2026

Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker...
Moderate, Unreviewed. CVE-2026-5911 was published Apr 9, 2026

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker...
Moderate, Unreviewed. CVE-2026-5903 was published Apr 9, 2026

Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who...
Moderate, Unreviewed. CVE-2026-5896 was published Apr 9, 2026

Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to...
Moderate, Unreviewed. CVE-2026-5900 was published Apr 9, 2026

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a...
Moderate, Unreviewed. CVE-2026-5276 was published Apr 1, 2026

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS...
High, Unreviewed. CVE-2026-20701 was published Mar 25, 2026

This issue was addressed through improved state management. This issue is fixed in Safari 26.4,...
Moderate, Unreviewed. CVE-2026-20665 was published Mar 25, 2026

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed...
Moderate, Unreviewed. CVE-2025-52643 was published Mar 16, 2026

In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could...
High, Unreviewed. CVE-2026-0118 was published Mar 10, 2026

An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2...
High, Unreviewed. CVE-2024-55024 was published Mar 3, 2026

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage...
High, Unreviewed. CVE-2025-48653 was published Mar 2, 2026

In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access...
High, Unreviewed. CVE-2026-0011 was published Mar 2, 2026

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a...
High, Unreviewed. CVE-2025-48602 was published Mar 2, 2026

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to...
High, Unreviewed. CVE-2025-48605 was published Mar 2, 2026

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch...
High, Unreviewed. CVE-2024-31328 was published Mar 2, 2026

The CGM CLININET application responds without essential security HTTP headers, exposing users to...
Moderate, Unreviewed. CVE-2025-58406 was published Mar 2, 2026

Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148,...
Critical, Unreviewed. CVE-2026-2761 was published Feb 24, 2026

ProTip! Advisories are also available from the GraphQL API.