Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

12,198 advisories

Loading
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of... Moderate Unreviewed
CVE-2026-8759 was published May 17, 2026
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function... Moderate Unreviewed
CVE-2026-8751 was published May 17, 2026
A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils... Low Unreviewed
CVE-2026-8735 was published May 17, 2026
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files High
CVE-2026-45062 was published for github.com/dunglas/frankenphp (Go) May 15, 2026
KC1zs4 Credited to KC1zs4, chenjj, and dunglas chenjj chenjj
dunglas dunglas
Improper input validation within the AMD Platform Management Framework (PMF) could allow an... High Unreviewed
CVE-2025-29936 was published May 15, 2026
Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168... Low Unreviewed
CVE-2026-8579 was published May 14, 2026
Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168... Moderate Unreviewed
CVE-2026-8538 was published May 14, 2026
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168... High Unreviewed
CVE-2026-8527 was published May 14, 2026
Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0... Low Unreviewed
CVE-2026-8536 was published May 14, 2026
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778... Moderate Unreviewed
CVE-2026-8528 was published May 14, 2026
Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778... Moderate Unreviewed
CVE-2026-8516 was published May 14, 2026
Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data URI in profile_image_url High
GHSA-3wgj-c2hg-vm6q was published for open-webui (pip) May 14, 2026
matte1782 Credited to matte1782
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation Moderate
CVE-2026-45317 was published for open-webui (pip) May 14, 2026
bray-sec Credited to bray-sec and Classic298 Classic298 Classic298
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could... High Unreviewed
CVE-2026-20224 was published May 14, 2026
Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation High
CVE-2026-45013 was published for apostrophe (npm) May 14, 2026
Mujahidkhan525 Credited to Mujahidkhan525
Synapse pagination Denial of Service Moderate
CVE-2026-45076 was published for matrix-synapse (pip) May 14, 2026
Fleet server may terminate unexpectedly when handling certain gRPC requests High
CVE-2026-26062 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject... Low Unreviewed
CVE-2026-0238 was published May 13, 2026
A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former... Moderate Unreviewed
CVE-2026-2695 was published May 13, 2026
Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before... Moderate Unreviewed
CVE-2026-8369 was published May 13, 2026
Anchor: `InterfaceAccount` allows account substitution between unexpected types High
GHSA-429q-fhh4-r6hj was published for anchor-lang (Rust) May 13, 2026
acheroncrypto Credited to acheroncrypto
Anchor: Program<'info, System> is not properly validated High
CVE-2026-45137 was published for anchor-lang (Rust) May 13, 2026
Matthias1590 Credited to Matthias1590
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and... Low Unreviewed
CVE-2026-34685 was published May 12, 2026
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input... Moderate Unreviewed
CVE-2026-34668 was published May 12, 2026
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input... Moderate Unreviewed
CVE-2026-34670 was published May 12, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database