GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,272
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,521
Pub: 12
RubyGems: 1,007
Rust: 1,194
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
111,559 advisories
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the...
High | Unreviewed | CVE-2026-22739 was published Mar 24, 2026

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to...
High | Unreviewed | CVE-2026-4674 was published Mar 24, 2026

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to...
High | Unreviewed | CVE-2026-4679 was published Mar 24, 2026

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to...
High | Unreviewed | CVE-2026-4678 was published Mar 24, 2026

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a...
High | Unreviewed | CVE-2026-4677 was published Mar 24, 2026

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to...
High | Unreviewed | CVE-2026-4680 was published Mar 24, 2026

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker...
High | Unreviewed | CVE-2026-4675 was published Mar 24, 2026

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to...
High | Unreviewed | CVE-2026-4676 was published Mar 24, 2026

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote...
High | Unreviewed | CVE-2026-4673 was published Mar 24, 2026

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to...
High | Unreviewed | CVE-2026-4021 was published Mar 24, 2026

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing...
High | Unreviewed | CVE-2026-3533 was published Mar 24, 2026

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected...
High | Unreviewed | CVE-2026-4611 was published Mar 24, 2026

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter...
High | Unreviewed | CVE-2026-4306 was published Mar 24, 2026

Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could...
High | Unreviewed | CVE-2025-60946 was published Mar 24, 2026

Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a...
High | Unreviewed | CVE-2025-60947 was published Mar 24, 2026

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway ...
High | Unreviewed | CVE-2026-4368 was published Mar 23, 2026

A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to...
High | Unreviewed | CVE-2025-15606 was published Mar 23, 2026

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP...
High | Unreviewed | CVE-2026-25075 was published Mar 23, 2026

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600...
High | Unreviewed | CVE-2025-15517 was published Mar 23, 2026

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200,...
High | Unreviewed | CVE-2025-15518 was published Mar 23, 2026

Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200,...
High | Unreviewed | CVE-2025-15519 was published Mar 23, 2026

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210,...
High | Unreviewed | CVE-2025-15605 was published Mar 23, 2026

A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through...
High | Unreviewed | CVE-2026-26829 was published Mar 23, 2026

A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone...
High | Unreviewed | CVE-2026-26828 was published Mar 23, 2026

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized...
High | Unreviewed | CVE-2026-1958 was published Mar 23, 2026
ProTip! Advisories are also available from the GraphQL API