GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
622 advisories
Filter by severity
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-13910
was published
Jul 1, 2026
Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an...
Moderate
Unreviewed
CVE-2026-13876
was published
Jul 1, 2026
Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-13904
was published
Jul 1, 2026
Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-13886
was published
Jul 1, 2026
Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote...
Critical
Unreviewed
CVE-2026-13859
was published
Jul 1, 2026
Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys) in Google Chrome...
Moderate
Unreviewed
CVE-2026-13862
was published
Jul 1, 2026
picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when...
High
Unreviewed
CVE-2025-71352
was published
Jul 1, 2026
Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
Moderate
CVE-2026-48808
was published
for
twig/twig
(Composer)
Jun 30, 2026
Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters
Moderate
CVE-2026-48807
was published
for
twig/twig
(Composer)
Jun 30, 2026
Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys
Moderate
CVE-2026-48806
was published
for
twig/twig
(Composer)
Jun 30, 2026
Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
Low
CVE-2026-48805
was published
for
twig/twig
(Composer)
Jun 30, 2026
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
Critical
CVE-2026-50564
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
Critical
CVE-2026-50545
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
OpenAM Authenticated RCE via Groovy Sandbox Escape
High
CVE-2026-47424
was published
for
org.openidentityplatform.openam:openam-scripting
(Maven)
Jun 29, 2026
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation...
High
Unreviewed
CVE-2026-13601
was published
Jun 29, 2026
7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted...
Moderate
Unreviewed
CVE-2026-58052
was published
Jun 28, 2026
pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle
High
CVE-2026-55487
was published
for
pnpm
(npm)
Jun 26, 2026
nono-py has proxy-only network fallback bypass on older Linux kernels
Moderate
GHSA-72w7-mf9g-733p
was published
for
nono-py
(pip)
Jun 26, 2026
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly...
Low
Unreviewed
CVE-2026-3472
was published
Jun 26, 2026
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit...
High
Unreviewed
CVE-2026-57280
was published
Jun 24, 2026
Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails
Moderate
CVE-2026-54762
was published
for
github.com/traefik/traefik/v3
(Go)
Jun 19, 2026
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
High
CVE-2026-53853
was published
for
openclaw
(npm)
Jun 18, 2026
OpenClaw: Skill-command dispatch could skip before-tool-call hooks
Low
CVE-2026-53845
was published
for
openclaw
(npm)
Jun 18, 2026
PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
High
GHSA-6jcq-6546-qrrw
was published
for
praisonai
(pip)
Jun 18, 2026
npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
High
GHSA-5jv7-2mjm-h6qj
was published
for
praisonai
(npm)
Jun 18, 2026
ProTip!
Advisories are also available from the
GraphQL API