GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,967
Maven: 5,000+
npm: 5,000+
NuGet: 973
pip: 5,000+
Pub: 13
RubyGems: 1,064
Rust: 1,387
Swift: 56

Unreviewed advisories
All unreviewed: 5,000+
10,669 advisories

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared...
High | Unreviewed | CVE-2026-11424 was published Jun 6, 2026

Shopper: Multiple data integrity and disclosure issues in admin Livewire components
High | CVE-2026-47743 was published for shopper/framework (Composer) Jun 5, 2026

NocoDB: Plaintext Password Comparison in Shared Views
Moderate | CVE-2026-47379 was published for nocodb (npm) Jun 5, 2026

Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService
High | CVE-2026-45726 was published for github.com/siderolabs/omni (Go) Jun 5, 2026

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a...
Moderate | Unreviewed | CVE-2026-11271 was published Jun 5, 2026

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an...
Moderate | Unreviewed | CVE-2026-47655 was published Jun 5, 2026

Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a...
Moderate | Unreviewed | CVE-2026-11203 was published Jun 5, 2026

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a...
Moderate | Unreviewed | CVE-2026-11209 was published Jun 5, 2026

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote...
Moderate | Unreviewed | CVE-2026-11182 was published Jun 5, 2026

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote...
Moderate | Unreviewed | CVE-2026-11180 was published Jun 5, 2026

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote...
Moderate | Unreviewed | CVE-2026-11162 was published Jun 5, 2026

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a...
Moderate | Unreviewed | CVE-2026-11168 was published Jun 5, 2026

Shopware: Admin Account Takeover via User Recovery Hash Exposure
Moderate | CVE-2026-48009 was published for shopware/core (Composer) Jun 4, 2026

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the...
Moderate | Unreviewed | CVE-2026-10864 was published Jun 4, 2026

A visibility control issue in the event template creation workflow allowed non-site-admin users...
Moderate | Unreviewed | CVE-2026-10854 was published Jun 4, 2026

Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection
High | CVE-2026-44486 was published for axios (npm) Jun 4, 2026

The web administration panel binds broadly to the public IPv6 address space on port [::]:8080...
Moderate | Unreviewed | CVE-2026-50224 was published Jun 4, 2026

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs),...
Moderate | Unreviewed | CVE-2026-50210 was published Jun 4, 2026

Overly permissive configuration settings on cloud storage containers expose active telemetry...
High | Unreviewed | CVE-2026-49193 was published Jun 4, 2026

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks...
High | Unreviewed | CVE-2026-49187 was published Jun 4, 2026

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized...
High | Unreviewed | CVE-2026-36611 was published Jun 3, 2026

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented ...
Moderate | Unreviewed | CVE-2026-36615 was published Jun 3, 2026

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 responds to version.bind CHAOS TXT...
Moderate | Unreviewed | CVE-2026-36618 was published Jun 3, 2026

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout...
Moderate | Unreviewed | CVE-2026-36602 was published Jun 3, 2026

It is possible for an unauthenticated adjacent attacker to download log files of the controller,...
High | Unreviewed | CVE-2026-41032 was published Jun 3, 2026

ProTip! Advisories are also available from the GraphQL API