GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27,352 advisories
Filter by severity
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2026-59515
was published
Jul 13, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max...
Critical
Unreviewed
CVE-2026-57710
was published
Jul 13, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2026-57714
was published
Jul 13, 2026
Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18...
Critical
Unreviewed
CVE-2026-57744
was published
Jul 13, 2026
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography...
Critical
Unreviewed
CVE-2026-57770
was published
Jul 13, 2026
Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection...
Critical
Unreviewed
CVE-2026-57724
was published
Jul 13, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro...
Critical
Unreviewed
CVE-2026-57719
was published
Jul 13, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2026-57726
was published
Jul 13, 2026
Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object...
Critical
Unreviewed
CVE-2026-57738
was published
Jul 13, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2026-57739
was published
Jul 13, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2026-57702
was published
Jul 13, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2026-57707
was published
Jul 13, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2026-57401
was published
Jul 13, 2026
Various sensitive information such as passwords and charging card UIDs are written to log files.
Critical
Unreviewed
CVE-2026-22098
was published
Jul 13, 2026
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection.
Critical
Unreviewed
CVE-2026-22103
was published
Jul 13, 2026
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file...
Critical
Unreviewed
CVE-2026-22102
was published
Jul 13, 2026
URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.
...
Critical
Unreviewed
CVE-2026-41041
was published
Jul 13, 2026
The webserver running on port 8090 does not require authentication. This allows for sensitive...
Critical
Unreviewed
CVE-2026-22096
was published
Jul 13, 2026
The firmware update mechanism does not include cryptographic signature validation. This allows...
Critical
Unreviewed
CVE-2026-22097
was published
Jul 13, 2026
The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the...
Critical
Unreviewed
CVE-2026-22093
was published
Jul 13, 2026
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection.
Critical
Unreviewed
CVE-2026-22095
was published
Jul 13, 2026
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability...
Critical
Unreviewed
CVE-2026-4769
was published
Jul 13, 2026
This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon...
Critical
Unreviewed
CVE-2026-14453
was published
Jul 13, 2026
The User Registration & Membership WordPress plugin before 5.2.2 does not verify the...
Critical
Unreviewed
CVE-2026-11964
was published
Jul 13, 2026
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT...
Critical
Unreviewed
CVE-2026-56271
was published
Jul 12, 2026
ProTip!
Advisories are also available from the
GraphQL API