GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
314,394 advisories
Filter by severity
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead...
High
Unreviewed
CVE-2026-48618
was published
Jun 26, 2026
A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt(...
High
Unreviewed
CVE-2026-48933
was published
Jun 26, 2026
A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop...
High
Unreviewed
CVE-2026-12505
was published
Jun 18, 2026
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
Moderate
Unreviewed
CVE-2026-12329
was published
Jun 16, 2026
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox...
Moderate
Unreviewed
CVE-2026-12298
was published
Jun 16, 2026
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11,...
High
Unreviewed
CVE-2026-12328
was published
Jun 16, 2026
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152,...
Critical
Unreviewed
CVE-2026-12294
was published
Jun 16, 2026
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152...
Moderate
Unreviewed
CVE-2026-12299
was published
Jun 16, 2026
Sandbox escape due to incorrect boundary conditions in the Networking component. This...
Critical
Unreviewed
CVE-2026-12297
was published
Jun 16, 2026
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152,...
Critical
Unreviewed
CVE-2026-12295
was published
Jun 16, 2026
In the Linux kernel, the following vulnerability has been resolved:
xfrm: defensively unhash...
High
Unreviewed
CVE-2026-46116
was published
May 28, 2026
Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read...
High
Unreviewed
CVE-2026-9770
was published
Jul 15, 2026
Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection") in the web...
Moderate
Unreviewed
CVE-2026-11851
was published
Jul 15, 2026
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain...
Critical
Unreviewed
CVE-2026-13385
was published
Jul 15, 2026
An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the...
Moderate
Unreviewed
CVE-2026-13230
was published
Jul 15, 2026
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File...
High
Unreviewed
CVE-2026-8920
was published
Jul 15, 2026
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote...
High
Unreviewed
CVE-2026-8919
was published
Jul 15, 2026
Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface,...
High
Unreviewed
CVE-2026-15029
was published
Jul 15, 2026
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not...
High
Unreviewed
CVE-2026-13585
was published
Jul 15, 2026
Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS...
Moderate
Unreviewed
CVE-2026-15030
was published
Jul 15, 2026
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - copy IV using...
High
Unreviewed
CVE-2026-53016
was published
Jun 24, 2026
Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in...
Critical
Unreviewed
CVE-2026-12296
was published
Jun 16, 2026
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox...
High
Unreviewed
CVE-2026-12292
was published
Jun 16, 2026
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR...
High
Unreviewed
CVE-2026-12290
was published
Jun 16, 2026
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152,...
High
Unreviewed
CVE-2026-12291
was published
Jun 16, 2026
ProTip!
Advisories are also available from the
GraphQL API