GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 58
GitHub Actions: 50
Go: 3,799
Maven: 5,000+
npm: 5,000+
NuGet: 938
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,351
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
302,290 advisories
Web::Passwd versions through 0.03 for Perl are vulnerable to RCE.
Web::Passwd is a small CGI...
Unknown
Unreviewed
CVE-2026-8500 was published May 14, 2026
Improper authorization checks of team members' privileges allow a team member to escalate...
High
Unreviewed
CVE-2026-32991 was published May 14, 2026
Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of...
Moderate
Unreviewed
CVE-2026-41281 was published May 14, 2026
Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL...
High
Unreviewed
CVE-2026-29206 was published May 14, 2026
Incorrect privilege management and insufficient path filtering allow reading of an arbitrary file on...
High
Unreviewed
CVE-2026-29205 was published May 14, 2026
Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint...
High
Unreviewed
CVE-2026-32993 was published May 14, 2026
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server...
High
Unreviewed
CVE-2026-32992 was published May 14, 2026
The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While...
Moderate
Unreviewed
CVE-2026-8328 was published May 13, 2026
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System...
Moderate
Unreviewed
CVE-2026-45228 was published May 13, 2026
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint...
High
Unreviewed
CVE-2026-45229 was published May 13, 2026
The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a...
Moderate
Unreviewed
CVE-2026-28376 was published May 13, 2026
A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by...
Moderate
Unreviewed
CVE-2026-28383 was published May 13, 2026
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines...
High
Unreviewed
CVE-2026-43970 was published May 13, 2026
Editors could delete any annotation, even those they do not have read access to. The editor user...
Moderate
Unreviewed
CVE-2026-28374 was published May 13, 2026
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses...
High
Unreviewed
CVE-2026-33376 was published May 13, 2026
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously...
Moderate
Unreviewed
CVE-2026-8496 was published May 13, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a...
Unknown
Unreviewed
CVE-2025-27850 was published May 13, 2026
Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a...
Moderate
Unreviewed
CVE-2026-33378 was published May 13, 2026
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x...
High
Unreviewed
CVE-2026-21821 was published May 13, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site...
Unknown
Unreviewed
CVE-2025-27852 was published May 13, 2026
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows...
High
Unreviewed
CVE-2026-8466 was published May 13, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to...
Unknown
Unreviewed
CVE-2025-27853 was published May 13, 2026
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard...
High
Unreviewed
CVE-2026-33377 was published May 13, 2026
A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables...
Moderate
Unreviewed
CVE-2026-0243 was published May 13, 2026
Any Editor could delete any snapshot, even if they have no access to read or write them.
Moderate
Unreviewed
CVE-2026-28380 was published May 13, 2026
ProTip! Advisories are also available from the GraphQL API.