Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

551 advisories

Loading
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service. Moderate
CVE-2026-54775 was published for CoreWCF.Kafka (NuGet) Jun 19, 2026
protobufjs : Schema-derived names can shadow runtime-significant properties Moderate
CVE-2026-54269 was published for protobufjs (npm) Jun 15, 2026
acorn421 Credited to acorn421 and dcodeIO dcodeIO dcodeIO
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN... Moderate Unreviewed
CVE-2026-0269 was published Jun 11, 2026
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service... High Unreviewed
CVE-2026-5343 was published May 29, 2026
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation... High Unreviewed
CVE-2025-13392 was published May 27, 2026
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14... Moderate Unreviewed
CVE-2026-4915 was published May 26, 2026
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View... Low Unreviewed
CVE-2026-8491 was published May 20, 2026
Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source... Moderate Unreviewed
CVE-2026-47315 was published May 19, 2026
OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads High
CVE-2026-45678 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias, grcevski, and rafaelroquetto grcevski grcevski
rafaelroquetto rafaelroquetto
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from... Low Unreviewed
CVE-2026-4643 was published May 18, 2026
Mattermost doesn't validate the response body of proxied images Moderate
CVE-2026-4054 was published for github.com/mattermost/mattermost-server (Go) May 15, 2026
A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally... Moderate Unreviewed
CVE-2026-0235 was published May 13, 2026
Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass... Moderate Unreviewed
CVE-2026-0241 was published May 13, 2026
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an... Moderate Unreviewed
CVE-2026-0262 was published May 13, 2026
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate... Moderate Unreviewed
CVE-2026-42950 was published May 13, 2026
Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device... Moderate Unreviewed
CVE-2026-20754 was published May 12, 2026
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request) Moderate
CVE-2026-44324 was published for github.com/free5gc/udr (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference High
CVE-2026-44322 was published for github.com/free5gc/nef (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference Moderate
CVE-2026-44317 was published for github.com/free5gc/pcf (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference High
CVE-2026-44316 was published for github.com/free5gc/pcf (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was... Critical Unreviewed
CVE-2026-8091 was published May 7, 2026
net-imap vulnerable to STARTTLS stripping via invalid response timing High
CVE-2026-42246 was published for net-imap (RubyGems) May 4, 2026
Masamuneee Credited to Masamuneee
Clerk has an authorization bypass when combining organization, billing, or reverification checks High
CVE-2026-42349 was published for @clerk/astro (npm) Apr 30, 2026
Admidio Missing Minimum Administrator Check in Role Membership Removal Moderate
CVE-2026-41662 was published for admidio/admidio (Composer) Apr 29, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
An unauthenticated remote attacker is able to exhaust all available TCP connections in the... High Unreviewed
CVE-2026-35225 was published Apr 23, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database