GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
295,677 advisories
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider...
Severity: Unknown | Unreviewed | CVE-2026-32794 was published Mar 31, 2026

A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName...
Severity: High | Unreviewed | CVE-2026-5152 was published Mar 30, 2026

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions.
Severity: Unknown | Unreviewed | CVE-2026-4789 was published Mar 30, 2026

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in...
Severity: Critical | Unreviewed | CVE-2026-34714 was published Mar 30, 2026

A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()`...
Severity: Low | Unreviewed | CVE-2026-21715 was published Mar 30, 2026

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user...
Severity: Moderate | Unreviewed | CVE-2026-21713 was published Mar 30, 2026

An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the...
Severity: Low | Unreviewed | CVE-2026-21716 was published Mar 30, 2026

A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received...
Severity: High | Unreviewed | CVE-2026-21710 was published Mar 30, 2026

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream...
Severity: Moderate | Unreviewed | CVE-2026-21714 was published Mar 30, 2026

TrueConf Client downloads application update code and applies it without performing verification....
Severity: High | Unreviewed | CVE-2026-3502 was published Mar 30, 2026

Roo Code's command auto-approval module contains a critical OS command injection vulnerability...
Severity: Unknown | Unreviewed | CVE-2026-30307 was published Mar 30, 2026

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric...
Severity: Moderate | Unreviewed | CVE-2026-21717 was published Mar 30, 2026

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown...
Severity: Moderate | Unreviewed | CVE-2026-5147 was published Mar 30, 2026

Syntx's command auto-approval module contains a critical OS command injection vulnerability that...
Severity: Unknown | Unreviewed | CVE-2026-30305 was published Mar 30, 2026

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects...
Severity: Moderate | Unreviewed | CVE-2026-5148 was published Mar 30, 2026

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue...
Severity: Moderate | Unreviewed | CVE-2026-5150 was published Mar 30, 2026

In its design for automatic terminal command execution, HAI Build Code Generator offers two...
Severity: Unknown | Unreviewed | CVE-2026-30308 was published Mar 30, 2026

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability...
Severity: Unknown | Unreviewed | CVE-2026-30313 was published Mar 30, 2026

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe...
Severity: Unknown | Unreviewed | CVE-2026-30306 was published Mar 30, 2026

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server...
Severity: Moderate | Unreviewed | CVE-2026-21711 was published Mar 30, 2026

Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0...
Severity: High | Unreviewed | CVE-2026-3991 was published Mar 30, 2026

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in...
Severity: High | Unreviewed | CVE-2026-29925 was published Mar 30, 2026

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload...
Severity: High | Unreviewed | CVE-2026-29924 was published Mar 30, 2026

Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting...
Severity: Moderate | Unreviewed | CVE-2026-27508 was published Mar 30, 2026

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function...
Severity: Moderate | Unreviewed | CVE-2026-5124 was published Mar 30, 2026
ProTip! Advisories are also available from the GraphQL API.