GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,323
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,494
Swift
61
Unreviewed advisories
All unreviewed
5,000+
163,970 advisories
Filter by severity
A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function...
Moderate
Unreviewed
CVE-2026-15907
was published
Jul 16, 2026
adawolfa/isdoc: Uncontrolled resource consumption (decompression bomb) when reading untrusted ISDOCX or PDF files
Moderate
GHSA-xg43-5579-qw6v
was published
for
adawolfa/isdoc
(Composer)
Jul 15, 2026
ViewComponent: Reused Component Instances Retain Stale Render Context
Moderate
CVE-2026-54497
was published
for
view_component
(RubyGems)
Jul 15, 2026
open-feature-operator: Cross-namespace FeatureFlagSource and InProcessConfiguration resolution exposes spec contents on multi-tenant clusters
Moderate
CVE-2026-54495
was published
for
github.com/open-feature/open-feature-operator
(Go)
Jul 15, 2026
serde_with: KeyValueMap serialization panics on empty sequence or map entries
Moderate
GHSA-7gcf-g7xr-8hxj
was published
for
serde_with
(Rust)
Jul 15, 2026
websocket-driver: Resource limit bypass via message compression
Moderate
CVE-2026-54490
was published
for
websocket-driver
(npm)
Jul 15, 2026
websocket-driver: Memory exhaustion in HTTP header parser
Moderate
CVE-2026-54465
was published
for
websocket-driver
(RubyGems)
Jul 15, 2026
websocket-driver: Resource limit bypass via message compression
Moderate
CVE-2026-54464
was published
for
websocket-driver
(RubyGems)
Jul 15, 2026
websocket-driver: Memory exhaustion via abuse of protocol length headers
Moderate
CVE-2026-54463
was published
for
websocket-driver
(RubyGems)
Jul 15, 2026
Pixeldrain API key shared with unverified thirdparty sites
Moderate
CVE-2026-54254
was published
for
cyberdrop-dl-patched
(pip)
Jul 15, 2026
safeurl is Missing IPv6 CIDR Ranges in Blocklist
Moderate
CVE-2026-54452
was published
for
github.com/doyensec/safeurl
(Go)
Jul 15, 2026
FiftyOne App server uses wildcard CORS (Access-Control-Allow-Origin: *), enabling cross-origin reads of local server data
Moderate
CVE-2026-53656
was published
for
fiftyone
(pip)
Jul 15, 2026
CVE-2026-55398
is a memory management vulnerability in Secure Access clients and servers prior
to...
Moderate
Unreviewed
CVE-2026-55398
was published
Jul 15, 2026
CVE-2026-55399 is a resource exhaustion
vulnerability in the Secure Access publisher prior to 14...
Moderate
Unreviewed
CVE-2026-55399
was published
Jul 15, 2026
CVE-2026-33444 is a memory management
vulnerability in Secure Access servers prior to 14.55....
Moderate
Unreviewed
CVE-2026-33444
was published
Jul 15, 2026
o
CVE-2026-40957 is a frameable content
vulnerability in the Secure Access server login page...
Moderate
Unreviewed
CVE-2026-40957
was published
Jul 15, 2026
CVE-2026-40953 is a heap overflow in the
certificate parsing function of Secure Access clients...
Moderate
Unreviewed
CVE-2026-40953
was published
Jul 15, 2026
The PackagerResolver of Apache Ivy is able to download online
artifacts and to (re)package them...
Moderate
Unreviewed
CVE-2026-26032
was published
Jul 15, 2026
MantisBT: Injection of TIME_TRACKING and REMINDER Notes via REST and SOAP APIs
Moderate
CVE-2026-52883
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
MantisBT: REST and SOAP API Issue Update Accepts Unreleased Product Versions From Updaters
Moderate
CVE-2026-52882
was published
for
mantisbt/mantisbt
(Composer)
Jul 15, 2026
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform...
Moderate
Unreviewed
CVE-2026-20298
was published
Jul 15, 2026
Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure...
Moderate
Unreviewed
CVE-2026-56087
was published
Jul 15, 2026
Pegatron `Tdelo64.sys` exposes a privileged device interface, `\\.\TdeIo`, that fails to properly...
Moderate
Unreviewed
CVE-2026-14961
was published
Jul 15, 2026
Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting (XSS)...
Moderate
Unreviewed
CVE-2026-1562
was published
Jul 15, 2026
A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector ...
Moderate
Unreviewed
CVE-2026-20146
was published
Jul 15, 2026
ProTip!
Advisories are also available from the
GraphQL API