GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
144 advisories
Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
Critical. CVE-2026-53633 was published for @vitest/browser (npm) on Jun 15, 2026.
Heptabase developed by Hepta Platforms has an Exposed Dangerous Method or Function vulnerability,...
Moderate (Unreviewed). CVE-2026-12060 was published on Jun 12, 2026.
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on...
Moderate (Unreviewed). CVE-2026-7516 was published on Jun 10, 2026.
The Electron preload script in Logseq exposes an API method that allows the renderer process to...
High (Unreviewed). CVE-2026-47899 was published on Jun 9, 2026.
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package...
High (Unreviewed). CVE-2025-14713 was published on May 27, 2026.
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with...
High (Unreviewed). CVE-2026-4051 was published on May 26, 2026.
PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE
High. CVE-2026-45805 was published for @penpot/mcp (npm) on May 19, 2026.
Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Moderate. CVE-2026-45670 was published for @nuxt/rspack-builder (npm) on May 19, 2026.
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Moderate. CVE-2026-6402 was published for webpack-dev-server (npm) on May 18, 2026.
Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables...
Moderate (Unreviewed). CVE-2026-33584 was published on May 13, 2026.
Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and...
High (Unreviewed). CVE-2026-33583 was published on May 13, 2026.
Nautobot: GitRepository.current_head field should not be writable through REST API
High. CVE-2026-44798 was published for nautobot (pip) on May 13, 2026.
The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write...
High (Unreviewed). CVE-2026-8108 was published on May 13, 2026.
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6...
Moderate (Unreviewed). CVE-2026-8109 was published on May 12, 2026.
view_component: Preview Route Can Dispatch Inherited Helper Methods
Moderate. CVE-2026-44836 was published for view_component (RubyGems) on May 8, 2026.
Memory corruption while processing IOCTL command when device is in power-save state.
Moderate (Unreviewed). CVE-2026-25266 was published on May 4, 2026.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9,...
High (Unreviewed). CVE-2026-5173 was published on Apr 9, 2026.
The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which...
Critical (Unreviewed). CVE-2026-2275 was published on Mar 30, 2026.
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated...
High (Unreviewed). CVE-2026-3483 was published on Mar 10, 2026.
OneUptime has Synthetic Monitor RCE via exposed Playwright browser object
Critical. CVE-2026-30957 was published for @oneuptime/common (npm) on Mar 10, 2026.
OneUptime: Synthetic Monitor RCE via exposed Playwright browser object
Critical. CVE-2026-30921 was published for @oneuptime/common (npm) on Mar 7, 2026.
Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows...
Critical (Unreviewed). CVE-2026-30797 was published on Mar 5, 2026.
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This...
High (Unreviewed). CVE-2026-20423 was published on Mar 2, 2026.
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote...
Critical (Unreviewed). CVE-2026-22208 was published on Feb 17, 2026.
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Critical. CVE-2026-26190 was published for github.com/milvus-io/milvus (Go) on Feb 11, 2026.
ProTip! Advisories are also available from the GraphQL API.