GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

GitHub reviewed advisories

All reviewed 32,549
Composer 6,122
Erlang 86
GitHub Actions 54
Go 4,175
Maven 6,713
npm 6,687
NuGet 1,019
pip 5,531
Pub 13
RubyGems 1,102
Rust 1,421
Swift 61

Unreviewed advisories

All unreviewed 310,887

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

286 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. Critical Unreviewed

CVE-2026-54803 was published Jun 17, 2026

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect... Critical Unreviewed

CVE-2026-48303 was published Jun 9, 2026

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed.... Critical Unreviewed

CVE-2026-41283 was published Jun 4, 2026

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated... Critical Unreviewed

CVE-2026-3660 was published May 26, 2026

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect... Critical Unreviewed

CVE-2026-34660 was published May 12, 2026

Buffer overflow due to incorrect authorization in PLC FW Critical Unreviewed

CVE-2026-25293 was published May 4, 2026

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to... Critical Unreviewed

CVE-2026-33105 was published Apr 3, 2026

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges... Critical Unreviewed

CVE-2026-32213 was published Apr 3, 2026

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf... Critical Unreviewed

CVE-2026-32915 was published Mar 29, 2026

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor... Critical Unreviewed

CVE-2026-29127 was published Mar 5, 2026

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root... Critical Unreviewed

CVE-2025-13184 was published Dec 10, 2025

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to... Critical Unreviewed

CVE-2024-5539 was published Nov 27, 2025

Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and... Critical Unreviewed

CVE-2025-55469 was published Nov 26, 2025

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper... Critical Unreviewed

CVE-2025-9803 was published Nov 25, 2025

Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows... Critical Unreviewed

CVE-2025-41346 was published Nov 18, 2025

Due to an insufficient access control implementation in multiple WSO2 Products, authentication... Critical Unreviewed

CVE-2025-10611 was published Oct 16, 2025

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004... Critical Unreviewed

CVE-2025-36157 was published Aug 24, 2025

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration... Critical Unreviewed

CVE-2025-54253 was published Aug 5, 2025

An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud... Critical Unreviewed

CVE-2025-29757 was published Jul 19, 2025

Cryptographic issue occurs due to use of insecure connection method while downloading. Critical Unreviewed

CVE-2025-21450 was published Jul 8, 2025

The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1... Critical Unreviewed

CVE-2025-26850 was published Jul 5, 2025

The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has... Critical Unreviewed

CVE-2025-53391 was published Jun 29, 2025

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission... Critical Unreviewed

CVE-2025-20674 was published Jun 2, 2025

An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote... Critical Unreviewed

CVE-2025-48757 was published May 30, 2025

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic... Critical Unreviewed

CVE-2024-6914 was published May 22, 2025

Previous1…12 Next

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

286 advisories