GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
311,644 advisories
Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration...
High | Unreviewed | CVE-2026-58592 was published Jul 1, 2026
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows...
High | Unreviewed | CVE-2026-58451 was published Jul 1, 2026
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki ...
Moderate | Unreviewed | CVE-2026-58517 was published Jul 1, 2026
Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code...
High | Unreviewed | CVE-2026-50521 was published Jul 1, 2026
Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command...
Critical | Unreviewed | CVE-2026-58457 was published Jul 1, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Moderate | Unreviewed | CVE-2026-14363 was published Jul 1, 2026
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2026-14340 was published Jul 1, 2026
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated...
High | Unreviewed | CVE-2026-58593 was published Jul 1, 2026
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in...
Unknown | Unreviewed | CVE-2026-51947 was published Jul 1, 2026
Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution...
High | Unreviewed | CVE-2026-41121 was published Jul 1, 2026
Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's...
High | Unreviewed | CVE-2026-49119 was published Jul 1, 2026
An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set...
Moderate | Unreviewed | CVE-2026-38142 was published Jul 1, 2026
Improper neutralization of input during web page generation ('cross-site scripting')...
Moderate | Unreviewed | CVE-2026-14358 was published Jul 1, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-57737 was published Jul 1, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Moderate | Unreviewed | CVE-2026-58521 was published Jul 1, 2026
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not...
Moderate | Unreviewed | CVE-2026-5051 was published Jul 1, 2026
URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation...
Moderate | Unreviewed | CVE-2026-58520 was published Jul 1, 2026
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS...
High | Unreviewed | CVE-2026-57723 was published Jul 1, 2026
Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-57721 was published Jul 1, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2026-57722 was published Jul 1, 2026
Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via...
Moderate | Unreviewed | CVE-2026-49090 was published Jul 1, 2026
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command...
High | Unreviewed | CVE-2026-58452 was published Jul 1, 2026
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded...
Critical | Unreviewed | CVE-2026-58453 was published Jul 1, 2026
Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve...
High | Unreviewed | CVE-2026-57736 was published Jul 1, 2026
Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log...
High | Unreviewed | CVE-2026-49091 was published Jul 1, 2026
ProTip! Advisories are also available from the GraphQL API.