GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 3,990
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,390
Swift: 56
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
12,603 advisories
Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115...
Low | Unreviewed | CVE-2026-12032 was published Jun 12, 2026
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a...
Low | Unreviewed | CVE-2026-12017 was published Jun 12, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8,...
Low | Unreviewed | CVE-2026-9694 was published Jun 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8,...
Low | Unreviewed | CVE-2026-6976 was published Jun 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8,...
Low | Unreviewed | CVE-2026-3553 was published Jun 11, 2026
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into...
Low | Unreviewed | CVE-2026-41000 was published Jun 11, 2026
A person with access to a Mac may be able to bypass Login Window. A consistency issue was...
Low | Unreviewed | CVE-2022-48575 was published Jun 11, 2026
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a...
Low | Unreviewed | CVE-2026-0266 was published Jun 11, 2026
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA...
Low | Unreviewed | CVE-2026-29114 was published Jun 10, 2026
The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings...
Low | Unreviewed | CVE-2026-9060 was published Jun 10, 2026
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and...
Low | Unreviewed | CVE-2026-41694 was published Jun 10, 2026
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an...
Low | Unreviewed | CVE-2026-48288 was published Jun 9, 2026
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an...
Low | Unreviewed | CVE-2026-48289 was published Jun 9, 2026
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation...
Low | Unreviewed | CVE-2026-45642 was published Jun 9, 2026
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information...
Low | Unreviewed | CVE-2026-45485 was published Jun 9, 2026
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose...
Low | Unreviewed | CVE-2026-45466 was published Jun 9, 2026
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass...
Low | Unreviewed | CVE-2026-45459 was published Jun 9, 2026
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose...
Low | Unreviewed | CVE-2026-45455 was published Jun 9, 2026
Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style...
Low | Unreviewed | CVE-2026-42768 was published Jun 9, 2026
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer...
Low | Unreviewed | CVE-2026-42770 was published Jun 9, 2026
Authenticated administrators connected to the local network can gain elevated access to the...
Low | Unreviewed | CVE-2026-0410 was published Jun 9, 2026
A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer...
Low | Unreviewed | CVE-2026-11786 was published Jun 9, 2026
A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the...
Low | Unreviewed | CVE-2026-11792 was published Jun 9, 2026
When creating an export of all reusable media, the secrets of connected gift cards were included...
Low | Unreviewed | CVE-2026-11764 was published Jun 9, 2026
Logic bypass vulnerability in the file system. Impact: Successful exploitation of this...
Low | Unreviewed | CVE-2026-41986 was published Jun 9, 2026
ProTip! Advisories are also available from the GraphQL API