GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,713 advisories
A possible security vulnerability has been identified in Apache Kafka. By default, the broker...
Critical | Unreviewed | CVE-2026-33557 was published Apr 20, 2026

Dag Authors, who normally should not be able to execute code in the webserver context could craft...
Critical | Unreviewed | CVE-2026-25917 was published Apr 18, 2026

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file...
Critical | Unreviewed | CVE-2026-5760 was published Apr 20, 2026

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where...
Critical | Unreviewed | CVE-2026-39918 was published Apr 20, 2026

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in...
Critical | Unreviewed | CVE-2026-5121 was published Mar 30, 2026

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability...
Critical | Unreviewed | CVE-2026-6644 was published Apr 20, 2026

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated...
Critical | Unreviewed | CVE-2026-5963 was published Apr 20, 2026

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated...
Critical | Unreviewed | CVE-2026-5964 was published Apr 20, 2026

SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow...
Critical | Unreviewed | CVE-2026-32956 was published Apr 20, 2026

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath...
Critical | Unreviewed | CVE-2025-49794 was published Jun 16, 2025

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML...
Critical | Unreviewed | CVE-2025-49796 was published Jun 16, 2025

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the...
Critical | Unreviewed | CVE-2026-37339 was published Apr 16, 2026

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the...
Critical | Unreviewed | CVE-2026-37340 was published Apr 16, 2026

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the...
Critical | Unreviewed | CVE-2026-40525 was published Apr 17, 2026

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted...
Critical | Unreviewed | CVE-2026-35546 was published Apr 17, 2026

Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this...
Critical | Unreviewed | CVE-2026-34865 was published Apr 13, 2026

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote...
Critical | Unreviewed | CVE-2026-37749 was published Apr 17, 2026

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres...
Critical | Unreviewed | CVE-2026-21708 was published Mar 12, 2026

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc...
Critical | Unreviewed | CVE-2025-14813 was published Apr 17, 2026

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core...
Critical | Unreviewed | CVE-2026-5598 was published Apr 17, 2026

An attacker with network access to the PLC is able to brute force discover passwords to gain...
Critical | Unreviewed | CVE-2026-6284 was published Apr 17, 2026

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server...
Critical | Unreviewed | CVE-2025-15624 was published Apr 17, 2026

Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System...
Critical | Unreviewed | CVE-2025-15623 was published Apr 17, 2026

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database...
Critical | Unreviewed | CVE-2025-15625 was published Apr 17, 2026

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in...
Critical | Unreviewed | CVE-2026-6443 was published Apr 17, 2026
ProTip! Advisories are also available from the GraphQL API