GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,521
Maven: 5,000+
npm: 5,000+
NuGet: 912
pip: 4,768
Pub: 13
RubyGems: 1,036
Rust: 1,229
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
298,070 advisories
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery...
Moderate | Unreviewed | CVE-2026-39922 was published Apr 10, 2026

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability,...
Critical | Unreviewed | CVE-2026-6350 was published Apr 16, 2026

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the...
Critical | Unreviewed | CVE-2026-40504 was published Apr 16, 2026

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub...
Moderate | Unreviewed | CVE-2026-1880 was published Apr 16, 2026

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2026-3885 was published Apr 16, 2026

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
Critical | Unreviewed | CVE-2026-40959 was published Apr 16, 2026

The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2026-3299 was published Apr 16, 2026

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2026-6349 was published Apr 16, 2026

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least...
High | Unreviewed | CVE-2026-40960 was published Apr 16, 2026

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB...
High | Unreviewed | CVE-2026-41015 was published Apr 16, 2026

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote...
High | Unreviewed | CVE-2026-40502 was published Apr 16, 2026

MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output,...
Moderate | Unreviewed | CVE-2026-40505 was published Apr 16, 2026

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote...
High | Unreviewed | CVE-2026-40503 was published Apr 16, 2026

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's...
High | Unreviewed | CVE-2026-40499 was published Apr 16, 2026

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common...
Moderate | Unreviewed | CVE-2026-40962 was published Apr 16, 2026

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing...
High | Unreviewed | CVE-2026-6351 was published Apr 16, 2026

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member...
Moderate | Unreviewed | CVE-2026-3428 was published Apr 16, 2026

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability,...
Critical | Unreviewed | CVE-2026-6348 was published Apr 16, 2026

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery...
Moderate | Unreviewed | CVE-2026-39921 was published Apr 10, 2026

Improper neutralization of input during web page generation ('cross-site scripting')...
Moderate | Unreviewed | CVE-2026-39840 was published Apr 7, 2026

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules)...
Moderate | Unreviewed | CVE-2026-5363 was published Apr 16, 2026

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of...
Critical | Unreviewed | CVE-2026-4880 was published Apr 16, 2026

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a...
Moderate | Unreviewed | CVE-2026-1564 was published Apr 16, 2026

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in...
Moderate | Unreviewed | CVE-2026-40500 was published Apr 16, 2026

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2026-1711 was published Apr 16, 2026
ProTip! Advisories are also available from the GraphQL API.