GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
12,030 advisories
Improper input validation, Improper verification of cryptographic signature vulnerability in...
High • Unreviewed • CVE-2026-6328 was published Apr 17, 2026

Flowise: Parameter Override Bypass Remote Command Execution
High • GHSA-cvrr-qhgw-2mm6 was published for flowise (npm) Apr 16, 2026

Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
High • GHSA-48m6-ch88-55mj was published for flowise (npm) Apr 16, 2026

Withdrawn Advisory: Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion
High • GHSA-qjfj-3mm5-vrjg was published for google/protobuf (Composer) Apr 16, 2026 • withdrawn

Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is...
Moderate • Unreviewed • CVE-2026-22615 was published Apr 16, 2026

Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation...
Moderate • Unreviewed • CVE-2026-27299 was published Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation...
High • Unreviewed • CVE-2026-27306 was published Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation...
Critical • Unreviewed • CVE-2026-27304 was published Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation...
High • Unreviewed • CVE-2026-27282 was published Apr 15, 2026

Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
High • CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026

Composer has a command injection via malicious perforce repository
High • CVE-2026-40176 was published for composer/composer (Composer) Apr 14, 2026

Composer has a command injection via malicious perforce reference
High • CVE-2026-40261 was published for composer/composer (Composer) Apr 14, 2026

Improper input validation in Windows Active Directory allows an authorized attacker to execute...
High • Unreviewed • CVE-2026-33826 was published Apr 14, 2026

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to...
Moderate • Unreviewed • CVE-2026-32201 was published Apr 14, 2026

Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate...
High • Unreviewed • CVE-2026-32168 was published Apr 14, 2026

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
High • Unreviewed • CVE-2026-32149 was published Apr 14, 2026

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security...
High • Unreviewed • CVE-2026-27928 was published Apr 14, 2026

Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a...
High • Unreviewed • CVE-2026-27913 was published Apr 14, 2026

Improper input validation in Windows Hello allows an authorized attacker to bypass a security...
Moderate • Unreviewed • CVE-2026-27906 was published Apr 14, 2026

Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code...
High • Unreviewed • CVE-2026-26156 was published Apr 14, 2026

Improper input validation in Windows Server Update Service allows an unauthorized attacker to...
High • Unreviewed • CVE-2026-26154 was published Apr 14, 2026

Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate...
High • Unreviewed • CVE-2026-26170 was published Apr 14, 2026

Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to...
High • Unreviewed • CVE-2026-26161 was published Apr 14, 2026

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a...
High • Unreviewed • CVE-2026-26143 was published Apr 14, 2026

Rand is unsound with a custom logger using rand::rng()
Low • GHSA-cq8v-f236-94qc was published for rand (Rust) Apr 14, 2026
ProTip! Advisories are also available from the GraphQL API