GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,216
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
31,471 advisories
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header
Severity: Critical. CVE-2026-53943 was published for ghost (npm) on Jul 1, 2026.

Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command...
Severity: Critical (Unreviewed). CVE-2026-58457 was published on Jul 1, 2026.

Rancher has Privilege Escalation from Project Owner to Host
Severity: Critical. CVE-2026-41052 was published for github.com/rancher/rancher (Go) on Jul 1, 2026.

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
Severity: Critical. CVE-2026-44935 was published for github.com/rancher/fleet (Go) on Jul 1, 2026.

Rancher vulnerable to command injection through unsanitized YAML parameter
Severity: Critical. CVE-2026-44939 was published for github.com/rancher/rancher (Go) on Jul 1, 2026.

QUIC has Broken TLS verification
Severity: Critical. CVE-2026-49457 was published for quic (Erlang) on Jul 1, 2026.

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded...
Severity: Critical (Unreviewed). CVE-2026-58453 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
Severity: Critical (Unreviewed). CVE-2026-34114 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac...
Severity: Critical (Unreviewed). CVE-2026-34112 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
Severity: Critical (Unreviewed). CVE-2026-34110 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in text.php ...
Severity: Critical (Unreviewed). CVE-2026-34108 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
Severity: Critical (Unreviewed). CVE-2026-34111 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
Severity: Critical (Unreviewed). CVE-2026-34113 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
Severity: Critical (Unreviewed). CVE-2026-34115 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
Severity: Critical (Unreviewed). CVE-2026-34117 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in...
Severity: Critical (Unreviewed). CVE-2026-34116 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate...
Severity: Critical (Unreviewed). CVE-2026-34107 was published on Jul 1, 2026.

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in...
Severity: Critical (Unreviewed). CVE-2026-34104 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Severity: Critical (Unreviewed). CVE-2026-34103 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in subtitles...
Severity: Critical (Unreviewed). CVE-2026-34106 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Severity: Critical (Unreviewed). CVE-2026-34105 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech...
Severity: Critical (Unreviewed). CVE-2026-34109 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Severity: Critical (Unreviewed). CVE-2026-34099 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Severity: Critical (Unreviewed). CVE-2026-34102 was published on Jul 1, 2026.

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in...
Severity: Critical (Unreviewed). CVE-2026-34101 was published on Jul 1, 2026.

ProTip! Advisories are also available from the GraphQL API.