GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
93 advisories
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More...
Severity: Moderate | Unreviewed | CVE-2026-12127 was published Jul 1, 2026

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST...
Severity: High | Unreviewed | CVE-2026-57281 was published Jun 24, 2026

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite:...
Severity: Critical | Unreviewed | CVE-2026-11373 was published Jun 22, 2026

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server...
Severity: High | Unreviewed | CVE-2026-50629 was published Jun 12, 2026

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric...
Severity: Moderate | Unreviewed | CVE-2026-50639 was published Jun 10, 2026

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric...
Severity: Critical | Unreviewed | CVE-2026-50638 was published Jun 10, 2026

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric...
Severity: High | Unreviewed | CVE-2026-50637 was published Jun 10, 2026

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. ...
Severity: Critical | Unreviewed | CVE-2026-11362 was published Jun 5, 2026

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd...
Severity: Critical | Unreviewed | CVE-2026-9270 was published Jun 5, 2026

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output...
Severity: High | Unreviewed | CVE-2026-50292 was published Jun 4, 2026

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not...
Severity: Moderate | Unreviewed | CVE-2026-46739 was published Jun 4, 2026

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and...
Severity: High | Unreviewed | CVE-2026-46741 was published Jun 4, 2026

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric...
Severity: Moderate | Unreviewed | CVE-2026-8722 was published Jun 4, 2026

Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the...
Severity: Moderate | Unreviewed | CVE-2026-49130 was published May 28, 2026

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric...
Severity: Moderate | Unreviewed | CVE-2026-46740 was published May 27, 2026

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from...
Severity: High | Unreviewed | CVE-2026-8788 was published May 18, 2026

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and...
Severity: High | Unreviewed | CVE-2026-46720 was published May 17, 2026

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names...
Severity: Moderate | Unreviewed | CVE-2026-46719 was published May 16, 2026

Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint...
Severity: High | Unreviewed | CVE-2026-32993 was published May 14, 2026

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when...
Severity: Moderate | Unreviewed | CVE-2026-35504 was published May 12, 2026

Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
Severity: High | Unreviewed | CVE-2026-5140 was published Apr 29, 2026

The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and...
Severity: Moderate | Unreviewed | CVE-2026-2717 was published Apr 22, 2026

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of...
Severity: Moderate | Unreviewed | CVE-2026-32964 was published Apr 20, 2026

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing...
Severity: High | Unreviewed | CVE-2026-6351 was published Apr 16, 2026

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that...
Severity: Moderate | Unreviewed | CVE-2026-2400 was published Apr 14, 2026
ProTip! Advisories are also available from the GraphQL API.