GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 41
Go: 3,080
Maven: 5,000+
npm: 4,980
NuGet: 825
pip: 4,417
Pub: 12
RubyGems: 988
Rust: 1,162
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
291,917 advisories

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor...
Critical | Unreviewed | CVE-2026-29127 was published Mar 5, 2026

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default...
High | Unreviewed | CVE-2026-26034 was published Mar 5, 2026

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore...
High | Unreviewed | CVE-2026-29124 was published Mar 5, 2026

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in...
High | Unreviewed | CVE-2026-29126 was published Mar 5, 2026

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC)...
High | Unreviewed | CVE-2026-29123 was published Mar 5, 2026

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path...
High | Unreviewed | CVE-2026-26033 was published Mar 5, 2026

IDC SFX2100 Satellite Receivers set the `/etc/resolv.conf` file to be world-writable by any local...
High | Unreviewed | CVE-2026-29125 was published Mar 5, 2026

Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids...
Unknown | Unreviewed | CVE-2025-40926 was published Mar 5, 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility...
High | Unreviewed | CVE-2026-29122 was published Mar 5, 2026

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache...
Unknown | Unreviewed | CVE-2025-40931 was published Mar 5, 2026

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. ...
Unknown | Unreviewed | CVE-2026-3381 was published Mar 5, 2026

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. ...
Unknown | Unreviewed | CVE-2024-57854 was published Mar 5, 2026

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library...
Unknown | Unreviewed | CVE-2026-3257 was published Mar 5, 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility...
High | Unreviewed | CVE-2026-29121 was published Mar 5, 2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform...
Unknown | Unreviewed | CVE-2025-70222 was published Mar 5, 2026

An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0...
Critical | Unreviewed | CVE-2026-2835 was published Mar 5, 2026

An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1...
Critical | Unreviewed | CVE-2026-2833 was published Mar 5, 2026

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure...
Moderate | Unreviewed | CVE-2026-22052 was published Mar 5, 2026

Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the...
Moderate | Unreviewed | CVE-2025-41257 was published Mar 5, 2026

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass...
Critical | Unreviewed | CVE-2026-29000 was published Mar 5, 2026

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default...
High | Unreviewed | CVE-2026-2836 was published Mar 5, 2026

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly...
Moderate | Unreviewed | CVE-2026-2297 was published Mar 5, 2026

Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote...
Unknown | Unreviewed | CVE-2026-3541 was published Mar 4, 2026

Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a...
Unknown | Unreviewed | CVE-2026-3540 was published Mar 4, 2026

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.
Unknown | Unreviewed | CVE-2025-46108 was published Mar 4, 2026

ProTip! Advisories are also available from the GraphQL API.