GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,193
Erlang: 25
GitHub Actions: 39
Go: 2,385
Maven: 3,027
npm: 3,078
NuGet: 529
pip: 2,897
Pub: 5
RubyGems: 442
Rust: 905
Swift: 20
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
55,021 advisories
An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process...
High | Unreviewed | CVE-2026-5750 was published Apr 22, 2026
A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True`...
High | Unreviewed | CVE-2026-6859 was published Apr 22, 2026
An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2...
High | Unreviewed | CVE-2026-35548 was published Apr 22, 2026
A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
High | Unreviewed | CVE-2026-33593 was published Apr 22, 2026
Inadequate access control in the registration process in Fullstep V5, which could allow...
High | Unreviewed | CVE-2026-5749 was published Apr 22, 2026
An attacker can send a notify request that causes a new secondary domain to be added to the bind...
High | Unreviewed | CVE-2026-33608 was published Apr 22, 2026
A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in...
High | Unreviewed | CVE-2026-6855 was published Apr 22, 2026
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the...
High | Unreviewed | CVE-2026-6857 was published Apr 22, 2026
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local...
High | Unreviewed | CVE-2026-0539 was published Apr 22, 2026
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a...
High | Unreviewed | CVE-2026-6846 was published Apr 22, 2026
The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path...
High | Unreviewed | CVE-2026-4132 was published Apr 22, 2026
In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control...
High | Unreviewed | CVE-2026-6023 was published Apr 22, 2026
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled...
High | Unreviewed | CVE-2026-6022 was published Apr 22, 2026
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the...
High | Unreviewed | CVE-2026-40542 was published Apr 22, 2026
Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="...
High | Unreviewed | CVE-2026-22754 was published Apr 22, 2026
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and...
High | Unreviewed | CVE-2026-22753 was published Apr 22, 2026
The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote...
High | Unreviewed | CVE-2026-6833 was published Apr 22, 2026
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated...
High | Unreviewed | CVE-2026-6834 was published Apr 22, 2026
OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP...
High | Unreviewed | CVE-2026-41458 was published Apr 22, 2026
The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing...
High | Unreviewed | CVE-2026-5398 was published Apr 22, 2026
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server...
High | Unreviewed | CVE-2026-5921 was published Apr 22, 2026
An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in...
High | Unreviewed | CVE-2026-5845 was published Apr 22, 2026
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise...
High | Unreviewed | CVE-2026-4821 was published Apr 22, 2026
An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that...
High | Unreviewed | CVE-2026-4296 was published Apr 22, 2026
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete...
High | Unreviewed | CVE-2026-6832 was published Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API.