GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
314,404 advisories
Filter by severity
The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers...
High
Unreviewed
CVE-2026-15804
was published
Jul 15, 2026
A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate...
High
Unreviewed
CVE-2026-14251
was published
Jul 15, 2026
The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection.
High
Unreviewed
CVE-2026-57832
was published
Jul 15, 2026
A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to...
High
Unreviewed
CVE-2026-15583
was published
Jul 15, 2026
The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection.
High
Unreviewed
CVE-2026-57831
was published
Jul 15, 2026
The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user...
Unknown
Unreviewed
CVE-2026-12512
was published
Jul 15, 2026
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL...
High
Unreviewed
CVE-2026-42936
was published
Jul 15, 2026
The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity...
Unknown
Unreviewed
CVE-2026-12281
was published
Jul 15, 2026
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not...
Unknown
Unreviewed
CVE-2026-11579
was published
Jul 15, 2026
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not...
Unknown
Unreviewed
CVE-2026-11580
was published
Jul 15, 2026
Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read...
High
Unreviewed
CVE-2026-9770
was published
Jul 15, 2026
Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection") in the web...
Moderate
Unreviewed
CVE-2026-11851
was published
Jul 15, 2026
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain...
Critical
Unreviewed
CVE-2026-13385
was published
Jul 15, 2026
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the...
Moderate
Unreviewed
CVE-2026-13230
was published
Jul 15, 2026
Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface,...
High
Unreviewed
CVE-2026-15029
was published
Jul 15, 2026
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not...
High
Unreviewed
CVE-2026-13585
was published
Jul 15, 2026
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File...
High
Unreviewed
CVE-2026-8920
was published
Jul 15, 2026
Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS...
Moderate
Unreviewed
CVE-2026-15030
was published
Jul 15, 2026
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote...
High
Unreviewed
CVE-2026-8919
was published
Jul 15, 2026
A use of uninitialized value vulnerability exists in the Matter SDK (connectedhomeip) before 1.4...
Unknown
Unreviewed
CVE-2025-56364
was published
Jul 15, 2026
In Ciena's Navigator Network Control Suite (NCS) and Manage Control Plan (MCP), there are hidden...
Unknown
Unreviewed
CVE-2026-5269
was published
Jul 15, 2026
An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network...
Unknown
Unreviewed
CVE-2026-5270
was published
Jul 15, 2026
A vulnerability was determined in zhinianboke xianyu-auto-reply on Server. Affected by this...
Low
Unreviewed
CVE-2026-15753
was published
Jul 15, 2026
Incorrect access control in the /api/License/deactivateOffline endpoint of CAXPerts...
Unknown
Unreviewed
CVE-2026-36035
was published
Jul 15, 2026
Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute...
Unknown
Unreviewed
CVE-2026-51808
was published
Jul 15, 2026
ProTip!
Advisories are also available from the
GraphQL API