GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,227
Maven: 5,000+
npm: 5,000+
NuGet: 864
pip: 4,502
Pub: 12
RubyGems: 995
Rust: 1,187
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
11,619 advisories
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field...
Low | Unreviewed | CVE-2026-4407 was published Mar 19, 2026

pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
Low | Unreviewed | CVE-2026-3479 was published Mar 18, 2026

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs...
Low | Unreviewed | CVE-2026-1485 was published Jan 27, 2026

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical...
Low | Unreviewed | CVE-2025-31703 was published Mar 18, 2026

Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local...
Low | Unreviewed | CVE-2008-3775 was published May 2, 2022

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through...
Low | Unreviewed | CVE-2023-25176 was published Mar 4, 2024

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type...
Low | Unreviewed | CVE-2023-49602 was published Mar 4, 2024

Sensitive information disclosure due to excessive collection of system information. The following...
Low | Unreviewed | CVE-2023-48680 was published Feb 27, 2024

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage....
Low | Unreviewed | CVE-2023-48679 was published Feb 27, 2024

Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following...
Low | Unreviewed | CVE-2023-48681 was published Feb 27, 2024

In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by...
Low | Unreviewed | CVE-2024-0325 was published Feb 2, 2024

In VPU, there is a possible use-after-free read due to a race condition. This could lead to local...
Low | Unreviewed | CVE-2026-0121 was published Mar 10, 2026

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP...
Low | Unreviewed | CVE-2026-4359 was published Mar 17, 2026

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an...
Low | Unreviewed | CVE-2026-3237 was published Mar 17, 2026

HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature....
Low | Unreviewed | CVE-2025-52649 was published Mar 16, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low | Unreviewed | CVE-2025-61634 was published Feb 3, 2026

HCL Sametime is vulnerable to broken server-side validation. While the application performs...
Low | Unreviewed | CVE-2025-31966 was published Mar 17, 2026

A flaw was found in libsoup, a library used by applications to send network requests. This...
Low | Unreviewed | CVE-2026-3632 was published Mar 17, 2026

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type...
Low | Unreviewed | CVE-2026-3634 was published Mar 17, 2026

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the ...
Low | Unreviewed | CVE-2026-3633 was published Mar 17, 2026

Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password...
Low | Unreviewed | CVE-2002-1975 was published Apr 30, 2022

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field...
Low | Unreviewed | CVE-2012-2993 was published May 17, 2022

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as...
Low | Unreviewed | CVE-2005-3106 was published May 1, 2022

HCL AION is affected by a vulnerability where certain offering configurations may permit...
Low | Unreviewed | CVE-2025-52646 was published Mar 16, 2026

HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper...
Low | Unreviewed | CVE-2025-52636 was published Mar 16, 2026
ProTip! Advisories are also available from the GraphQL API.