GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
622 advisories
Filter by severity
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP)...
Moderate
Unreviewed
CVE-2026-0278
was published
Jul 9, 2026
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)
Moderate
CVE-2026-53508
was published
for
github.com/oasdiff/oasdiff
(Go)
Jul 7, 2026
netfoil has a domain name filter bypass via multiple questions
Moderate
GHSA-59qp-cfj3-rp64
was published
for
github.com/tinfoil-factory/netfoil
(Go)
Jul 7, 2026
uutils coreutils: cp/install/mv/ln --suffix alone does not enable backup mode (silent data loss vs GNU)
High
GHSA-fqf6-gxhh-2xhw
was published
for
uucore
(Rust)
Jul 7, 2026
rm: 'rm -rf ./' (and ./// variants) silently deletes current directory contents, bypassing dot protection
Moderate
CVE-2026-35363
was published
for
uu_rm
(Rust)
Jul 6, 2026
rm: --preserve-root bypassed via a symlink to / (string check instead of dev/inode)
Moderate
CVE-2026-35349
was published
for
uu_rm
(Rust)
Jul 6, 2026
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass...
High
Unreviewed
CVE-2026-14535
was published
Jul 4, 2026
A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected...
Low
Unreviewed
CVE-2026-14625
was published
Jul 4, 2026
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files,...
High
Unreviewed
CVE-2025-71373
was published
Jul 4, 2026
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote...
High
Unreviewed
CVE-2026-14409
was published
Jul 2, 2026
Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`
High
CVE-2026-49981
was published
for
twig/twig
(Composer)
Jul 1, 2026
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote...
Critical
Unreviewed
CVE-2026-14151
was published
Jul 1, 2026
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote...
Critical
Unreviewed
CVE-2026-14120
was published
Jul 1, 2026
Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed...
Critical
Unreviewed
CVE-2026-14101
was published
Jul 1, 2026
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-14076
was published
Jul 1, 2026
Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a...
Critical
Unreviewed
CVE-2026-14095
was published
Jul 1, 2026
Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150.0.7871.47...
Critical
Unreviewed
CVE-2026-14097
was published
Jul 1, 2026
Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an...
Moderate
Unreviewed
CVE-2026-14092
was published
Jul 1, 2026
Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-14058
was published
Jul 1, 2026
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-14050
was published
Jul 1, 2026
Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote...
Critical
Unreviewed
CVE-2026-14037
was published
Jul 1, 2026
Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47...
Moderate
Unreviewed
CVE-2026-14059
was published
Jul 1, 2026
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.47 allowed a...
Critical
Unreviewed
CVE-2026-14017
was published
Jul 1, 2026
Insufficient policy enforcement in USB in Google Chrome prior to 150.0.7871.47 allowed a remote...
High
Unreviewed
CVE-2026-13951
was published
Jul 1, 2026
Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a...
Critical
Unreviewed
CVE-2026-13909
was published
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API