GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,606 advisories
Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect...
Critical | Unreviewed | CVE-2026-48286 was published Jun 30, 2026
Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated...
Moderate | Unreviewed | CVE-2026-57953 was published Jun 29, 2026
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
High | Unreviewed | CVE-2026-57950 was published Jun 29, 2026
Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table...
High | Unreviewed | CVE-2026-57951 was published Jun 29, 2026
RustDesk gates incoming control messages on per-capability flags rather than on the session's...
High | Unreviewed | CVE-2026-58056 was published Jun 28, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6,...
Moderate | Unreviewed | CVE-2026-5796 was published Jun 25, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6,...
Moderate | Unreviewed | CVE-2026-5952 was published Jun 25, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0...
Low | Unreviewed | CVE-2026-0934 was published Jun 25, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6,...
Moderate | Unreviewed | CVE-2026-11379 was published Jun 25, 2026
NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration...
Moderate | Unreviewed | CVE-2026-56694 was published Jun 23, 2026
Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when...
Low | Unreviewed | CVE-2026-8823 was published Jun 22, 2026
Incorrect caching of authentication between different polkit methods in qSnapper before version 1...
High | Unreviewed | CVE-2026-41048 was published Jun 22, 2026
Incorrect caching of authentication between different users of the qSnapper dbus service before...
High | Unreviewed | CVE-2026-41049 was published Jun 22, 2026
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3...
Moderate | Unreviewed | CVE-2026-41047 was published Jun 22, 2026
Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission...
Low | Unreviewed | CVE-2026-8074 was published Jun 22, 2026
Authorization handling for component configuration verification requests in Apache NiFi 1.15.0...
Low | Unreviewed | CVE-2026-44911 was published Jun 22, 2026
Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz...
Moderate | Unreviewed | CVE-2026-47339 was published Jun 19, 2026
PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI...
High | Unreviewed | CVE-2026-56075 was published Jun 19, 2026
Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the...
Moderate | Unreviewed | CVE-2026-10741 was published Jun 17, 2026
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Critical | Unreviewed | CVE-2026-54803 was published Jun 17, 2026
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a...
Moderate | Unreviewed | CVE-2026-12446 was published Jun 17, 2026
The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to,...
Moderate | Unreviewed | CVE-2026-5149 was published Jun 16, 2026
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that...
High | Unreviewed | CVE-2016-20075 was published Jun 15, 2026
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect...
High | Unreviewed | CVE-2026-34023 was published Jun 15, 2026
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-2470 was published Jun 13, 2026
ProTip! Advisories are also available from the GraphQL API.