GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
170 advisories
Filter by severity
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes
High
CVE-2026-55698
was published
for
pnpm
(npm)
Jun 26, 2026
pnpm: Repository-controlled configDependencies can select a pacquet native install engine
High
CVE-2026-55697
was published
for
pnpm
(npm)
Jun 26, 2026
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags...
High
Unreviewed
CVE-2021-47986
was published
Jun 26, 2026
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version...
High
Unreviewed
CVE-2021-47987
was published
Jun 26, 2026
Withdrawn Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
High
GHSA-gv7w-rqvm-qjhr
was published
for
esbuild
(npm)
Jun 12, 2026
•
withdrawn
stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment
High
GHSA-w7pm-9g55-mxfm
was published
for
stigmem-node
(pip)
May 29, 2026
A firmware update mechanism in the affected charging controller fails to validate the...
Critical
Unreviewed
CVE-2026-9037
was published
May 28, 2026
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained...
High
Unreviewed
CVE-2026-9089
was published
May 21, 2026
Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark
Critical
CVE-2026-45058
was published
for
electerm
(npm)
May 14, 2026
apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)
High
CVE-2026-42575
was published
for
chainguard.dev/apko
(Go)
May 4, 2026
Ollama for Windows does not perform integrity or authenticity verification of downloaded update...
High
Unreviewed
CVE-2026-42248
was published
Apr 29, 2026
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The ...
High
Unreviewed
CVE-2026-40066
was published
Apr 17, 2026
Axios npm Supply Chain Incident Impacting @usebruno/cli
Critical
CVE-2026-34841
was published
for
@usebruno/cli
(npm)
Apr 2, 2026
TrueConf Client downloads application update code and applies it without performing verification....
High
Unreviewed
CVE-2026-3502
was published
Mar 30, 2026
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
High
CVE-2026-28500
was published
for
onnx
(pip)
Mar 16, 2026
An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver...
Moderate
Unreviewed
CVE-2026-1878
was published
Mar 12, 2026
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability,...
Critical
Unreviewed
CVE-2026-2999
was published
Mar 2, 2026
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability,...
Critical
Unreviewed
CVE-2026-3000
was published
Mar 2, 2026
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows...
Moderate
Unreviewed
CVE-2025-47904
was published
Feb 24, 2026
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution...
Critical
Unreviewed
CVE-2026-27180
was published
Feb 19, 2026
The firmware update functionality does not verify the authenticity of the supplied firmware...
Moderate
Unreviewed
CVE-2025-15575
was published
Feb 12, 2026
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco...
Moderate
Unreviewed
CVE-2026-20056
was published
Feb 4, 2026
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity...
High
Unreviewed
CVE-2025-15556
was published
Feb 3, 2026
pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies
High
CVE-2025-69263
was published
for
pnpm
(npm)
Jan 7, 2026
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before...
High
Unreviewed
CVE-2025-55310
was published
Dec 11, 2025
ProTip!
Advisories are also available from the
GraphQL API