GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,894
Maven: 5,000+
npm: 5,000+
NuGet: 963
pip: 5,000+
Pub: 13
RubyGems: 1,061
Rust: 1,373
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
303,288 advisories
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing...
Unknown
Unreviewed
CVE-2026-5091 was published May 22, 2026
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix NULL...
Moderate
Unreviewed
CVE-2026-23279 was published Mar 25, 2026
A malicious actor with access to the network and low privileges could exploit a Path Traversal...
High
Unreviewed
CVE-2026-34911 was published May 22, 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found...
Critical
Unreviewed
CVE-2026-34909 was published May 22, 2026
A malicious actor with access to the network and high privileges could exploit an Improper Input...
Critical
Unreviewed
CVE-2026-33000 was published May 22, 2026
A malicious actor with access to the network could exploit an Improper Access Control...
Critical
Unreviewed
CVE-2026-34908 was published May 22, 2026
A malicious actor with access to the network could exploit an Improper Input Validation...
Critical
Unreviewed
CVE-2026-34910 was published May 22, 2026
A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows...
Unknown
Unreviewed
CVE-2026-9264 was published May 22, 2026
The setcred(2) system call is only available to privileged users. However, before the privilege...
High
Unreviewed
CVE-2026-45250 was published May 21, 2026
In the Linux kernel, the following vulnerability has been resolved:
wifi: libertas: fix use...
High
Unreviewed
CVE-2026-23281 was published Mar 25, 2026
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.
Secrets were generated...
High
Unreviewed
CVE-2026-46473 was published May 21, 2026
In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract...
High
Unreviewed
CVE-2026-41054 was published May 20, 2026
In the Linux kernel, the following vulnerability has been resolved:
drbd: fix null-pointer...
Moderate
Unreviewed
CVE-2026-23285 was published Mar 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
regulator: fp9931: Fix PM...
Moderate
Unreviewed
CVE-2026-23283 was published Mar 25, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8410 was published May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8412 was published May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8413 was published May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8416 was published May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8434 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across...
Moderate
Unreviewed
CVE-2026-8240 was published May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8409 was published May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8432 was published May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8433 was published May 22, 2026
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete...
Low
Unreviewed
CVE-2026-8427 was published May 22, 2026
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Unknown
Unreviewed
CVE-2026-5297 was published May 22, 2026
ProTip! Advisories are also available from the GraphQL API.