GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,169
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
143 advisories
MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an... (Critical, Unreviewed; CVE-2026-56447 was published Jun 22, 2026)
Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality... (High, Unreviewed; CVE-2026-22283 was published Jun 17, 2026)
When the application executes the JavaScript script embedded in the PDF within the sandbox, it... (High, Unreviewed; CVE-2026-12057 was published Jun 15, 2026)
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an... (High, Unreviewed; CVE-2026-11269 was published Jun 5, 2026)
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content... (High, Unreviewed; CVE-2026-8879 was published Jun 3, 2026)
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0... (High, Unreviewed; CVE-2026-5241 was published Jun 3, 2026)
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL... (High, Unreviewed; CVE-2022-49036 was published Jun 3, 2026)
An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component... (High, Unreviewed; CVE-2022-49042 was published Jun 3, 2026)
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets... (High, Unreviewed; CVE-2026-5817 was published May 26, 2026)
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which... (High, Unreviewed; CVE-2026-5843 was published May 26, 2026)
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project... (Moderate, Unreviewed; CVE-2026-45184 was published May 10, 2026)
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC... (Moderate, Unreviewed; CVE-2026-41253 was published Apr 18, 2026)
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation... (High, Unreviewed; CVE-2026-6482 was published Apr 17, 2026)
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. (Critical, Unreviewed; CVE-2026-40959 was published Apr 16, 2026)
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container... (High, Unreviewed; CVE-2026-1342 was published Apr 8, 2026)
Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0... (High, Unreviewed; CVE-2026-3991 was published Mar 30, 2026)
HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker... (Moderate, Unreviewed; CVE-2025-55273 was published Mar 26, 2026)
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms... (High, Unreviewed; CVE-2026-4295 was published Mar 17, 2026)
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit)... (High, Unreviewed; CVE-2026-4255 was published Mar 16, 2026)
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was... (Critical, Unreviewed; CVE-2025-70046 was published Mar 9, 2026)
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal... (High, Unreviewed; CVE-2026-28135 was published Mar 5, 2026)
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to... (Moderate, Unreviewed; CVE-2026-1628 was published Mar 2, 2026)
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing... (High, Unreviewed; CVE-2026-28372 was published Feb 27, 2026)
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS)... (Moderate, Unreviewed; CVE-2026-26079 was published Feb 11, 2026)
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview... (Critical, Unreviewed; CVE-2026-1699 was published Jan 30, 2026)
ProTip! Advisories are also available from the GraphQL API.