GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate
Unreviewed
CVE-2026-45489
was published
Jul 3, 2026
@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)
Moderate
CVE-2026-49993
was published
for
@nuxt/rspack-builder
(npm)
Jun 16, 2026
Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability,...
Moderate
Unreviewed
CVE-2026-12060
was published
Jun 12, 2026
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on...
Moderate
Unreviewed
CVE-2026-7516
was published
Jun 10, 2026
Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Moderate
CVE-2026-45670
was published
for
@nuxt/rspack-builder
(npm)
May 19, 2026
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Moderate
CVE-2026-6402
was published
for
webpack-dev-server
(npm)
May 18, 2026
Exposed Keycloak management
service in the Arqit Symmetric Key Agreement Platform enables...
Moderate
Unreviewed
CVE-2026-33584
was published
May 13, 2026
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6...
Moderate
Unreviewed
CVE-2026-8109
was published
May 12, 2026
view_component: Preview Route Can Dispatch Inherited Helper Methods
Moderate
CVE-2026-44836
was published
for
view_component
(RubyGems)
May 8, 2026
Memory corruption while processing IOCTL command when device is in power-save state.
Moderate
Unreviewed
CVE-2026-25266
was published
May 4, 2026
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in...
Moderate
Unreviewed
CVE-2025-59788
was published
Dec 4, 2025
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for...
Moderate
Unreviewed
CVE-2025-59403
was published
Oct 2, 2025
Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information...
Moderate
Unreviewed
CVE-2025-5823
was published
Jun 26, 2025
webpack-dev-server users' source code may be stolen when they access a malicious web site
Moderate
CVE-2025-30359
was published
for
webpack-dev-server
(npm)
Jun 4, 2025
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted ...
Moderate
Unreviewed
CVE-2025-48415
was published
May 21, 2025
SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not...
Moderate
Unreviewed
CVE-2025-43003
was published
May 13, 2025
Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized...
Moderate
Unreviewed
CVE-2025-26651
was published
Apr 8, 2025
H2O Vulnerable to Execution of Arbitrary Files
Moderate
CVE-2024-6863
was published
for
ai.h2o:h2o-core
(Maven)
Mar 20, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Moderate
CVE-2025-24361
was published
for
@nuxt/rspack-builder
(npm)
Jan 27, 2025
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55945
was published
for
typo3/cms-lowlevel
(Composer)
Jan 14, 2025
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55923
was published
for
typo3/cms-indexed-search
(Composer)
Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-55922
was published
for
typo3/cms-form
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Dashboard Module
Moderate
CVE-2024-55920
was published
for
typo3/cms-dashboard
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Backend User Module
Moderate
CVE-2024-55894
was published
for
typo3/cms-beuser
(Composer)
Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Log Module
Moderate
CVE-2024-55893
was published
for
typo3/cms-belog
(Composer)
Jan 14, 2025
ProTip!
Advisories are also available from the
GraphQL API