GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
131,736 advisories
Filter by severity
QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers...
High
Unreviewed
CVE-2026-10130
was published
Jul 19, 2026
ProFTPD mod_sftp contains a heap-based buffer overflow reachable by an authenticated SFTP user....
High
Unreviewed
CVE-2026-53994
was published
Jul 18, 2026
A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share`...
High
Unreviewed
CVE-2026-12228
was published
Jul 18, 2026
OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core...
High
Unreviewed
CVE-2026-11826
was published
Jul 18, 2026
SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and...
High
Unreviewed
CVE-2024-58369
was published
Jul 18, 2026
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users...
High
Unreviewed
CVE-2025-71397
was published
Jul 18, 2026
SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST...
High
Unreviewed
CVE-2024-58368
was published
Jul 18, 2026
SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE,...
High
Unreviewed
CVE-2024-58367
was published
Jul 18, 2026
SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace...
High
Unreviewed
CVE-2025-71395
was published
Jul 18, 2026
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module...
High
Unreviewed
CVE-2025-71391
was published
Jul 18, 2026
SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested...
High
Unreviewed
CVE-2024-58370
was published
Jul 18, 2026
SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor...
High
Unreviewed
CVE-2024-58365
was published
Jul 18, 2026
uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file...
High
Unreviewed
CVE-2026-9147
was published
Jul 18, 2026
SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time()...
High
Unreviewed
CVE-2024-58357
was published
Jul 18, 2026
SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the...
High
Unreviewed
CVE-2024-58361
was published
Jul 18, 2026
SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the...
High
Unreviewed
CVE-2024-58362
was published
Jul 18, 2026
SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span...
High
Unreviewed
CVE-2024-58364
was published
Jul 18, 2026
SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting...
High
Unreviewed
CVE-2024-58359
was published
Jul 18, 2026
SurrealDB before 1.0.1 sets default table permissions to FULL instead of NONE, allowing SELECT,...
High
Unreviewed
CVE-2023-54366
was published
Jul 18, 2026
A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function...
High
Unreviewed
CVE-2026-16097
was published
Jul 18, 2026
A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is...
High
Unreviewed
CVE-2026-16095
was published
Jul 18, 2026
A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the...
High
Unreviewed
CVE-2026-16096
was published
Jul 18, 2026
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious...
High
Unreviewed
CVE-2026-47869
was published
Jul 18, 2026
VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious authenticated...
High
Unreviewed
CVE-2026-47870
was published
Jul 18, 2026
VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user...
High
Unreviewed
CVE-2026-47868
was published
Jul 18, 2026
ProTip!
Advisories are also available from the
GraphQL API