GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
293 advisories
Filter by severity
Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update
High
CVE-2026-52829
was published
for
zebra-network
(Rust)
Jul 2, 2026
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that...
High
Unreviewed
CVE-2026-47145
was published
Jun 25, 2026
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that...
High
Unreviewed
CVE-2026-47146
was published
Jun 25, 2026
vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
High
CVE-2026-41523
was published
for
vllm
(pip)
Jun 16, 2026
A vulnerability has been found in some Dahua products could
allow an unauthenticated remote...
High
Unreviewed
CVE-2026-29116
was published
Jun 10, 2026
When using $changestreams and $_requestReshardingResumeToken with the exchange option the server...
High
Unreviewed
CVE-2026-9746
was published
Jun 10, 2026
The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this...
High
Unreviewed
CVE-2026-9748
was published
Jun 10, 2026
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating...
High
Unreviewed
CVE-2026-9750
was published
Jun 10, 2026
This issue can occur when running an aggregation pipeline that uses the internal $exchange stage...
High
Unreviewed
CVE-2026-9749
was published
Jun 10, 2026
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb...
High
Unreviewed
CVE-2026-9747
was published
Jun 10, 2026
FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The...
High
Unreviewed
CVE-2026-37228
was published
Jun 1, 2026
FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The...
High
Unreviewed
CVE-2026-37233
was published
Jun 1, 2026
FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER...
High
Unreviewed
CVE-2026-37229
was published
Jun 1, 2026
FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but...
High
Unreviewed
CVE-2026-37227
was published
Jun 1, 2026
FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2...
High
Unreviewed
CVE-2026-37224
was published
Jun 1, 2026
FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty...
High
Unreviewed
CVE-2026-37225
was published
Jun 1, 2026
FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher...
High
Unreviewed
CVE-2026-37223
was published
Jun 1, 2026
FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded...
High
Unreviewed
CVE-2026-37222
was published
Jun 1, 2026
FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The...
High
Unreviewed
CVE-2026-37220
was published
Jun 1, 2026
FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has...
High
Unreviewed
CVE-2026-37221
was published
Jun 1, 2026
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Remove user...
High
Unreviewed
CVE-2026-46117
was published
May 28, 2026
Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any...
High
Unreviewed
CVE-2026-8843
was published
May 18, 2026
free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
High
CVE-2026-44321
was published
for
github.com/free5gc/smf
(Go)
May 8, 2026
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
High
CVE-2026-44319
was published
for
github.com/free5gc/nef
(Go)
May 8, 2026
In the Linux kernel, the following vulnerability has been resolved:
crypto: tegra - Add missing...
High
Unreviewed
CVE-2026-31739
was published
May 1, 2026
ProTip!
Advisories are also available from the
GraphQL API