Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

234 advisories

Loading
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency... High Unreviewed
CVE-2026-11332 was published Jun 5, 2026
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release... High Unreviewed
CVE-2026-41013 was published Jun 1, 2026
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection... High Unreviewed
CVE-2026-49373 was published May 29, 2026
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect... High Unreviewed
CVE-2026-3515 was published May 26, 2026
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote... High Unreviewed
CVE-2026-47114 was published May 21, 2026
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection... Critical Unreviewed
CVE-2026-31230 was published May 12, 2026
An improper neutralization of argument delimiters in a command ('argument injection')... Moderate Unreviewed
CVE-2026-25690 was published May 12, 2026
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM... Moderate Unreviewed
CVE-2025-40948 was published May 12, 2026
Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via... Moderate Unreviewed
CVE-2026-45181 was published May 10, 2026
A hidden console command is vulnerable to command injection flaw when control characters are... High Unreviewed
CVE-2026-7865 was published May 5, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0... Moderate Unreviewed
CVE-2026-35153 was published Apr 17, 2026
During an internal security assessment, a potential vulnerability was discovered in Lenovo... High Unreviewed
CVE-2026-4145 was published Apr 15, 2026
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability... Critical Unreviewed
CVE-2026-2449 was published Apr 14, 2026
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to... High Unreviewed
CVE-2026-0634 was published Apr 2, 2026
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF... High Unreviewed
CVE-2026-29954 was published Mar 30, 2026
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters... Moderate Unreviewed
CVE-2026-23924 was published Mar 24, 2026
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability... Critical Unreviewed
CVE-2026-2298 was published Mar 23, 2026
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the... Moderate Unreviewed
CVE-2026-4438 was published Mar 20, 2026
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo... Moderate Unreviewed
CVE-2026-1715 was published Mar 11, 2026
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo... Moderate Unreviewed
CVE-2026-1716 was published Mar 11, 2026
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in... Moderate Unreviewed
CVE-2026-1717 was published Mar 11, 2026
An improper neutralization of argument delimiters in a command ('argument injection')... Moderate Unreviewed
CVE-2026-25689 was published Mar 10, 2026
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can... High Unreviewed
CVE-2025-41761 was published Mar 9, 2026
A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and... Moderate Unreviewed
CVE-2026-20016 was published Mar 4, 2026
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local... Moderate Unreviewed
CVE-2026-20063 was published Mar 4, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database