Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

170 advisories

Loading
pnpm: Repository-controlled configDependencies can select a pacquet native install engine High
CVE-2026-55697 was published for pnpm (npm) Jun 26, 2026
sondt99 Credited to sondt99 and dungNHVhust dungNHVhust dungNHVhust
stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment High
GHSA-w7pm-9g55-mxfm was published for stigmem-node (pip) May 29, 2026
A firmware update mechanism in the affected charging controller fails to validate the... Critical Unreviewed
CVE-2026-9037 was published May 28, 2026
amwhoi Credited to amwhoi
apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible) High
CVE-2026-42575 was published for chainguard.dev/apko (Go) May 4, 2026
1seal Credited to 1seal and antitree antitree antitree
Axios npm Supply Chain Incident Impacting @usebruno/cli Critical
CVE-2026-34841 was published for @usebruno/cli (npm) Apr 2, 2026
ZeroXJacks Credited to ZeroXJacks
An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver... Moderate Unreviewed
CVE-2026-1878 was published Mar 12, 2026
pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies High
CVE-2025-69263 was published for pnpm (npm) Jan 7, 2026
orenyomtov Credited to orenyomtov
ProTip! Advisories are also available from the GraphQL API