GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

340,861 advisories

Keycloak's identity-first login flow exposes user information
Low | CVE-2026-4633 was published for org.keycloak:keycloak-services (Maven) | Mar 23, 2026

net-imap vulnerable to command injection via "raw" arguments to multiple commands
Moderate | CVE-2026-42257 was published for net-imap (RubyGems) | May 4, 2026

CakePHP Authentication: Open redirect weakness via backslash bypass
Moderate | CVE-2026-55590 was published for cakephp/authentication (Composer) | Jun 17, 2026

Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
Critical | CVE-2026-55518 was published for avo (RubyGems) | Jun 17, 2026

Deno: Denial of service via non-ASCII bytes in WebSocket response headers
Moderate | CVE-2026-55517 was published for deno (Rust) | Jun 17, 2026

HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
Critical | CVE-2026-55471 was published for ca.uhn.hapi.fhir:org.hl7.fhir.utilities (Maven) | Jun 17, 2026

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS
High | CVE-2026-55470 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) | Jun 17, 2026

Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
Critical | CVE-2026-55450 was published for langflow (pip) | Jun 17, 2026

handlebars.java FileTemplateLoader Path Traversal
High | CVE-2026-55760 was published for com.github.jknack:handlebars (Maven) | Jun 17, 2026

Filament: Disabled RichEditor field state can be used for XSS
High | CVE-2026-55409 was published for filament/forms (Composer) | Jun 17, 2026

LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
High | CVE-2026-55405 was published for dev.langchain4j:langchain4j-mariadb (Maven) | Jun 17, 2026

OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints
Moderate | CVE-2026-46448 was published for nova (pip) | Jun 16, 2026

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1...
Moderate | Unreviewed | CVE-2026-11890 was published | Jun 16, 2026

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type...
High | Unreviewed | CVE-2026-0162 was published | Jun 16, 2026

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible...
High | Unreviewed | CVE-2026-0160 was published | Jun 16, 2026

In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an...
High | Unreviewed | CVE-2026-0161 was published | Jun 16, 2026

In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of...
High | Unreviewed | CVE-2026-0137 was published | Jun 16, 2026

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead...
High | Unreviewed | CVE-2026-0139 was published | Jun 16, 2026

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow....
High | Unreviewed | CVE-2026-0149 was published | Jun 16, 2026

In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to...
High | Unreviewed | CVE-2026-0138 was published | Jun 16, 2026

In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to...
High | Unreviewed | CVE-2026-0143 was published | Jun 16, 2026

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to...
High | Unreviewed | CVE-2026-0154 was published | Jun 16, 2026

In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api.c, there is a possible out of bounds...
High | Unreviewed | CVE-2026-0146 was published | Jun 16, 2026

In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect...
High | Unreviewed | CVE-2026-0153 was published | Jun 16, 2026

In keymint, there is a possible Permission Bypass due to a logic error in the code. This could...
Low | Unreviewed | CVE-2026-0145 was published | Jun 16, 2026

ProTip! Advisories are also available from the GraphQL API