GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
26,051 advisories
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload...
Critical
Unreviewed
CVE-2021-47965 was published May 15, 2026
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts...
Critical
Unreviewed
CVE-2026-45010 was published May 15, 2026
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha:...
Critical
Unreviewed
CVE-2026-46364 was published May 15, 2026
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud...
Critical
Unreviewed
CVE-2026-2031 was published May 15, 2026
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code...
Critical
Unreviewed
CVE-2026-41553 was published May 15, 2026
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML...
Critical
Unreviewed
CVE-2026-7182 was published May 15, 2026
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal...
Critical
Unreviewed
CVE-2026-41552 was published May 15, 2026
The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and...
Critical
Unreviewed
CVE-2026-5229 was published May 15, 2026
A supply chain attack compromised the official installation packages of DAEMON Tools Lite ...
Critical
Unreviewed
CVE-2026-8398 was published May 15, 2026
Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a...
Critical
Unreviewed
CVE-2026-0481 was published May 15, 2026
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows...
Critical
Unreviewed
CVE-2026-8634 was published May 14, 2026
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to...
Critical
Unreviewed
CVE-2026-8580 was published May 14, 2026
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to...
Critical
Unreviewed
CVE-2026-8511 was published May 14, 2026
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an...
Critical
Unreviewed
CVE-2026-41615 was published May 14, 2026
May 2026: This security advisory provides the details and fix information for a vulnerability...
Critical
Unreviewed
CVE-2026-20182 was published May 14, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2025-11024 was published May 14, 2026
Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software...
Critical
Unreviewed
CVE-2026-2347 was published May 14, 2026
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up...
Critical
Unreviewed
CVE-2026-6512 was published May 14, 2026
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up...
Critical
Unreviewed
CVE-2026-6271 was published May 14, 2026
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing...
Critical
Unreviewed
CVE-2026-6510 was published May 14, 2026
The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin...
Critical
Unreviewed
CVE-2026-8181 was published May 14, 2026
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI...
Critical
Unreviewed
CVE-2026-8500 was published May 14, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin...
Critical
Unreviewed
CVE-2025-27851 was published May 13, 2026
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This...
Critical
Unreviewed
CVE-2026-42945 was published May 13, 2026
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows...
Critical
Unreviewed
CVE-2020-37168 was published May 13, 2026
ProTip! Advisories are also available from the GraphQL API.