GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
134 advisories
Filter by severity
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android...
High
Unreviewed
CVE-2026-58296
was published
Jul 3, 2026
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android...
High
Unreviewed
CVE-2026-58297
was published
Jul 3, 2026
Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control,...
High
Unreviewed
CVE-2026-57960
was published
Jun 29, 2026
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that...
High
Unreviewed
CVE-2026-56124
was published
Jun 29, 2026
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL...
Moderate
Unreviewed
CVE-2026-48615
was published
Jun 26, 2026
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that...
High
Unreviewed
CVE-2019-25762
was published
Jun 19, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2025-30459
was published
Jun 11, 2026
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers...
High
Unreviewed
CVE-2026-26237
was published
Jun 10, 2026
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer....
Moderate
Unreviewed
CVE-2026-25699
was published
Jun 9, 2026
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to...
Moderate
Unreviewed
CVE-2020-25900
was published
Jun 5, 2026
Exposure of private personal information to an unauthorized actor, Insufficiently Protected...
High
Unreviewed
CVE-2025-13477
was published
May 21, 2026
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5...
Moderate
Unreviewed
CVE-2026-28963
was published
May 11, 2026
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and...
High
Unreviewed
CVE-2026-28906
was published
May 11, 2026
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0....
Moderate
Unreviewed
CVE-2025-66171
was published
May 8, 2026
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0....
Moderate
Unreviewed
CVE-2025-66172
was published
May 8, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and...
Moderate
Unreviewed
CVE-2026-28950
was published
Apr 22, 2026
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox...
Moderate
Unreviewed
CVE-2026-6765
was published
Apr 21, 2026
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System...
Critical
Unreviewed
CVE-2025-15623
was published
Apr 17, 2026
Under specific conditions, a malicious webpage may trigger autofill population after two...
Low
Unreviewed
CVE-2026-0102
was published
Feb 17, 2026
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to...
High
Unreviewed
CVE-2020-37173
was published
Feb 11, 2026
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to...
Moderate
Unreviewed
CVE-2026-24321
was published
Feb 10, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Since...
Low
Unreviewed
CVE-2025-66605
was published
Feb 9, 2026
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account...
Low
Unreviewed
CVE-2025-11598
was published
Feb 3, 2026
In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information...
High
Unreviewed
CVE-2025-14317
was published
Jan 14, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18...
Low
Unreviewed
CVE-2025-3950
was published
Jan 9, 2026
ProTip!
Advisories are also available from the
GraphQL API