GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

128,626 advisories

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS
High | CVE-2026-55470 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) | Jun 17, 2026

handlebars.java FileTemplateLoader Path Traversal
High | CVE-2026-55760 was published for com.github.jknack:handlebars (Maven) | Jun 17, 2026

Filament: Disabled RichEditor field state can be used for XSS
High | CVE-2026-55409 was published for filament/forms (Composer) | Jun 17, 2026

LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
High | CVE-2026-55405 was published for dev.langchain4j:langchain4j-mariadb (Maven) | Jun 17, 2026

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for...
High | Unreviewed | CVE-2026-5667 was published | Jun 17, 2026

Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows...
High | Unreviewed | CVE-2026-30803 was published | Jun 17, 2026

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI...
High | Unreviewed | CVE-2026-7300 was published | Jun 17, 2026

Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers...
High | Unreviewed | CVE-2026-30802 was published | Jun 17, 2026

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing...
High | Unreviewed | CVE-2026-53872 was published | Jun 17, 2026

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function...
High | Unreviewed | CVE-2026-53875 was published | Jun 17, 2026

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials"...
High | Unreviewed | CVE-2026-32652 was published | Jun 17, 2026

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view...
High | Unreviewed | CVE-2026-20190 was published | Jun 17, 2026

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list,...
High | Unreviewed | CVE-2025-71322 was published | Jun 17, 2026

Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly...
High | Unreviewed | CVE-2026-54810 was published | Jun 17, 2026

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication...
High | Unreviewed | CVE-2026-49502 was published | Jun 17, 2026

In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code...
High | Unreviewed | CVE-2025-26240 was published | Jun 17, 2026

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control...
High | Unreviewed | CVE-2026-35066 was published | Jun 17, 2026

Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical...
High | Unreviewed | CVE-2026-35065 was published | Jun 17, 2026

Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS...
High | Unreviewed | CVE-2026-54415 was published | Jun 17, 2026

A remote attacker can inject LDAP special characters into the Distinguished Name (DN)...
High | Unreviewed | CVE-2026-49268 was published | Jun 17, 2026

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a...
High | Unreviewed | CVE-2026-54417 was published | Jun 17, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-54818 was published | Jun 17, 2026

Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
High | Unreviewed | CVE-2026-52707 was published | Jun 17, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced...
High | Unreviewed | CVE-2026-54816 was published | Jun 17, 2026

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication...
High | Unreviewed | CVE-2026-32804 was published | Jun 17, 2026

ProTip! Advisories are also available from the GraphQL API