GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
7,308 advisories
Filter by severity
In Apache Airflow before 3.3.0, the REST API task-instance detail and list
endpoints returned a...
Moderate
Unreviewed
CVE-2026-49487
was published
Jul 7, 2026
A bug in Apache Airflow's `/ui/dependencies` scheduling graph endpoint applied the caller's...
Moderate
Unreviewed
CVE-2026-48891
was published
Jul 7, 2026
The Config API in Apache Airflow surfaced per-key secrets-backend overrides (environment...
Moderate
Unreviewed
CVE-2026-48892
was published
Jul 7, 2026
The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key,...
Moderate
Unreviewed
CVE-2026-48828
was published
Jul 7, 2026
Craft CMS: Sensitive File Disclosure / Server-Side File Read
Moderate
CVE-2026-55792
was published
for
craftcms/cms
(Composer)
Jul 6, 2026
Craft CMS: Authenticated "assets/preview-thumb" discloses signed fallback transform preview link to CP users without asset-view permission
Moderate
GHSA-x76w-8c62-48mg
was published
for
craftcms/cms
(Composer)
Jul 6, 2026
Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based)...
Moderate
Unreviewed
CVE-2026-56646
was published
Jul 3, 2026
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the...
Moderate
Unreviewed
CVE-2026-14611
was published
Jul 3, 2026
@nuxt/ui: UAuthForm / UForm SSR markup omits `method`, leaking credentials via GET if submitted before hydration
Moderate
GHSA-gj2h-2fpw-fhv9
was published
for
@nuxt/ui
(npm)
Jul 2, 2026
Froxlor: Authenticated customers can read other customers' allowed sender aliases
Moderate
GHSA-mr9h-45p9-fg8h
was published
for
froxlor/froxlor
(Composer)
Jul 2, 2026
Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect
Moderate
CVE-2026-50192
was published
for
github.com/kerberos-io/agent/machinery
(Go)
Jul 2, 2026
OpenClaw MCP SSE redirects could forward Authorization headers
Moderate
GHSA-9c3v-684m-579c
was published
for
openclaw
(npm)
Jul 1, 2026
ORAS Go forwards registry credentials across registry redirects
Moderate
GHSA-vh4v-2xq2-g5cg
was published
for
oras.land/oras-go/v2
(Go)
Jul 1, 2026
SurrealDB: Graph traversal bypasses table SELECT permissions
Moderate
GHSA-vjjx-rfw4-rmfc
was published
for
surrealdb
(Rust)
Jul 1, 2026
repomix: attach_packed_output can bypass file-read secret scanning for supported local files
Moderate
CVE-2026-49988
was published
for
repomix
(npm)
Jul 1, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation...
Moderate
Unreviewed
CVE-2026-58033
was published
Jul 1, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation...
Moderate
Unreviewed
CVE-2026-58024
was published
Jul 1, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation...
Moderate
Unreviewed
CVE-2026-58027
was published
Jul 1, 2026
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-12408
was published
Jul 1, 2026
Capgo before 12.128.2 contains an information disclosure vulnerability in the /private...
Moderate
Unreviewed
CVE-2026-56318
was published
Jul 1, 2026
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-14146
was published
Jul 1, 2026
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed...
Moderate
Unreviewed
CVE-2026-14096
was published
Jul 1, 2026
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-14098
was published
Jul 1, 2026
Inappropriate implementation in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-14049
was published
Jul 1, 2026
Inappropriate implementation in Views in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed...
Moderate
Unreviewed
CVE-2026-14062
was published
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API