GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,716 advisories

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management...
Critical | Unreviewed | CVE-2026-6257 was published Apr 20, 2026

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management...
Critical | Unreviewed | CVE-2026-39109 was published Apr 20, 2026

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update...
Critical | Unreviewed | CVE-2026-30269 was published Apr 20, 2026

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where...
Critical | Unreviewed | CVE-2026-39918 was published Apr 20, 2026

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file...
Critical | Unreviewed | CVE-2026-5760 was published Apr 20, 2026

A possible security vulnerability has been identified in Apache Kafka. By default, the broker...
Critical | Unreviewed | CVE-2026-33557 was published Apr 20, 2026

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated...
Critical | Unreviewed | CVE-2026-5964 was published Apr 20, 2026

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated...
Critical | Unreviewed | CVE-2026-5963 was published Apr 20, 2026

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability...
Critical | Unreviewed | CVE-2026-6644 was published Apr 20, 2026

SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow...
Critical | Unreviewed | CVE-2026-32956 was published Apr 20, 2026

Dag Authors, who normally should not be able to execute code in the webserver context could craft...
Critical | Unreviewed | CVE-2026-25917 was published Apr 18, 2026

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted...
Critical | Unreviewed | CVE-2026-35546 was published Apr 17, 2026

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the...
Critical | Unreviewed | CVE-2026-40525 was published Apr 17, 2026

An attacker with network access to the PLC is able to brute force discover passwords to gain...
Critical | Unreviewed | CVE-2026-6284 was published Apr 17, 2026

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc...
Critical | Unreviewed | CVE-2025-14813 was published Apr 17, 2026

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core...
Critical | Unreviewed | CVE-2026-5598 was published Apr 17, 2026

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote...
Critical | Unreviewed | CVE-2026-37749 was published Apr 17, 2026

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database...
Critical | Unreviewed | CVE-2025-15625 was published Apr 17, 2026

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server...
Critical | Unreviewed | CVE-2025-15624 was published Apr 17, 2026

Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System...
Critical | Unreviewed | CVE-2025-15623 was published Apr 17, 2026

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in...
Critical | Unreviewed | CVE-2026-6443 was published Apr 17, 2026

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the...
Critical | Unreviewed | CVE-2026-37339 was published Apr 16, 2026

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the...
Critical | Unreviewed | CVE-2026-37340 was published Apr 16, 2026

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the...
Critical | Unreviewed | CVE-2026-37345 was published Apr 16, 2026

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in...
Critical | Unreviewed | CVE-2026-37347 was published Apr 16, 2026

ProTip! Advisories are also available from the GraphQL API.