GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
701 advisories
Filter by severity
OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to...
Moderate
Unreviewed
CVE-2026-13122
was published
Jul 6, 2026
Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update
High
CVE-2026-52829
was published
for
zebra-network
(Rust)
Jul 2, 2026
zebrad vulnerable to full node denial of service via crafted Sapling receiver in z_listunifiedreceivers
Moderate
GHSA-c8w6-x74f-vmg3
was published
for
zebra-rpc
(Rust)
Jul 2, 2026
In the Linux kernel, the following vulnerability has been resolved:
blk-wbt: remove WARN_ON_ONCE...
Moderate
Unreviewed
CVE-2026-53319
was published
Jun 26, 2026
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Wrap DCN32...
Moderate
Unreviewed
CVE-2026-53285
was published
Jun 26, 2026
In the Linux kernel, the following vulnerability has been resolved:
net: phonet: do not BUG_ON()...
Moderate
Unreviewed
CVE-2026-53292
was published
Jun 26, 2026
CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to...
Moderate
Unreviewed
CVE-2026-9718
was published
Jun 25, 2026
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that...
High
Unreviewed
CVE-2026-47145
was published
Jun 25, 2026
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that...
High
Unreviewed
CVE-2026-47146
was published
Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
accel/ethosu: reject...
Moderate
Unreviewed
CVE-2026-53169
was published
Jun 25, 2026
OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types
Moderate
CVE-2026-55776
was published
for
github.com/openbao/openbao
(Go)
Jun 19, 2026
vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
High
CVE-2026-41523
was published
for
vllm
(pip)
Jun 16, 2026
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad....
Moderate
Unreviewed
CVE-2026-52718
was published
Jun 15, 2026
A vulnerability has been found in some Dahua products could allow an authenticated remote...
Moderate
Unreviewed
CVE-2026-29115
was published
Jun 10, 2026
A vulnerability has been found in some Dahua products could
allow an unauthenticated remote...
High
Unreviewed
CVE-2026-29116
was published
Jun 10, 2026
When using $changestreams and $_requestReshardingResumeToken with the exchange option the server...
High
Unreviewed
CVE-2026-9746
was published
Jun 10, 2026
The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this...
High
Unreviewed
CVE-2026-9748
was published
Jun 10, 2026
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating...
High
Unreviewed
CVE-2026-9750
was published
Jun 10, 2026
This issue can occur when running an aggregation pipeline that uses the internal $exchange stage...
High
Unreviewed
CVE-2026-9749
was published
Jun 10, 2026
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb...
High
Unreviewed
CVE-2026-9747
was published
Jun 10, 2026
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through...
Moderate
Unreviewed
CVE-2026-35058
was published
Jun 8, 2026
In the Linux kernel, the following vulnerability has been resolved:
net: txgbe: fix RTNL...
Moderate
Unreviewed
CVE-2026-46287
was published
Jun 8, 2026
SGLang: Reachable Assertion via lora_path in LoRAManager enables remote Denial of Dervice
Low
CVE-2026-10300
was published
for
sglang
(pip)
Jun 2, 2026
FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The...
High
Unreviewed
CVE-2026-37228
was published
Jun 1, 2026
FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The...
High
Unreviewed
CVE-2026-37233
was published
Jun 1, 2026
ProTip!
Advisories are also available from the
GraphQL API