GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
164,150 advisories
Filter by severity
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory...
Moderate
Unreviewed
CVE-2026-34962
was published
May 12, 2026
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent...
Moderate
Unreviewed
CVE-2026-34961
was published
May 12, 2026
Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based)...
Moderate
Unreviewed
CVE-2026-57980
was published
Jul 18, 2026
Skipper's routesrv-no-auth component: All routesrv API Endpoints Lack Authentication
Moderate
CVE-2026-54246
was published
for
github.com/zalando/skipper
(Go)
Jul 17, 2026
IBM Cognos Analytics 12.1.3 GA Version with build number through 12.1.3-2606251736 could allow an...
Moderate
Unreviewed
CVE-2026-15995
was published
Jul 17, 2026
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message...
Moderate
Unreviewed
CVE-2026-4942
was published
Jul 17, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a...
Moderate
Unreviewed
CVE-2026-7771
was published
Jul 17, 2026
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9...
Moderate
Unreviewed
CVE-2026-4938
was published
Jul 17, 2026
IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute...
Moderate
Unreviewed
CVE-2026-14501
was published
Jul 17, 2026
IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 (...
Moderate
Unreviewed
CVE-2026-14979
was published
Jul 17, 2026
IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed...
Moderate
Unreviewed
CVE-2026-8861
was published
Jul 17, 2026
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to redirect users to...
Moderate
Unreviewed
CVE-2026-15093
was published
Jul 17, 2026
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary...
Moderate
Unreviewed
CVE-2026-15069
was published
Jul 17, 2026
PocketSphinx: Buffer overflows in language and acoustic model loading code
Moderate
CVE-2026-54559
was published
for
pocketsphinx
(pip)
Jul 17, 2026
AngleSharp HTML5 Spec Compliance: mXSS via annotation-xml HTML Integration Point Bypass
Moderate
CVE-2026-54570
was published
for
AngleSharp
(NuGet)
Jul 17, 2026
Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
Moderate
CVE-2026-40966
was published
for
org.springframework.ai:spring-ai-advisors-vector-store
(Maven)
Apr 28, 2026
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
Moderate
CVE-2026-22751
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 21, 2026
PRoot-Distro has Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs
Moderate
GHSA-mfr4-mq8w-vmg6
was published
for
proot-distro
(pip)
Jul 17, 2026
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes
Moderate
CVE-2026-53496
was published
for
exifreader
(npm)
Jul 17, 2026
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
Moderate
CVE-2026-54561
was published
for
mcp-memory-keeper
(npm)
Jul 17, 2026
Formie: Missing authorization in administrative settings allows low-privileged CP users to modify plugin configuration
Moderate
GHSA-cvpc-hccg-wmw4
was published
for
verbb/formie
(Composer)
Jul 17, 2026
TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard
Moderate
CVE-2026-54546
was published
for
@tak-ps/cloudtak
(npm)
Jul 17, 2026
plone.restapi: Stored XSS by spoofing mime type
Moderate
GHSA-8rqh-vxpr-x77p
was published
for
plone.restapi
(pip)
Jul 17, 2026
plone.app.textfield: Stored XSS by spoofing mime type
Moderate
CVE-2026-54503
was published
for
plone.app.textfield
(pip)
Jul 17, 2026
Incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8...
Moderate
Unreviewed
CVE-2026-51083
was published
Jul 17, 2026
ProTip!
Advisories are also available from the
GraphQL API