GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

162,296 advisories

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to...
Moderate, Unreviewed. CVE-2026-10562 was published Jun 30, 2026

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate, Unreviewed. CVE-2026-9106 was published Jun 30, 2026

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a...
Moderate, Unreviewed. CVE-2026-9002 was published Jun 30, 2026

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8...
Moderate, Unreviewed. CVE-2026-12085 was published Jun 30, 2026

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes...
Moderate, Unreviewed. CVE-2026-13773 was published Jun 30, 2026

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive...
Moderate, Unreviewed. CVE-2026-11595 was published Jun 30, 2026

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM...
Moderate, Unreviewed. CVE-2026-3602 was published Jun 30, 2026

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear...
Moderate, Unreviewed. CVE-2025-12530 was published Jun 30, 2026

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM...
Moderate, Unreviewed. CVE-2026-12086 was published Jun 30, 2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes...
Moderate, Unreviewed. CVE-2026-11906 was published Jun 30, 2026

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site...
Moderate, Unreviewed. CVE-2025-36320 was published Jun 30, 2026

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin...
Moderate, Unreviewed. CVE-2026-12084 was published Jun 30, 2026

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A...
Moderate, Unreviewed. CVE-2025-36321 was published Jun 30, 2026

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to...
Moderate, Unreviewed. CVE-2025-36319 was published Jun 30, 2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes...
Moderate, Unreviewed. CVE-2025-36372 was published Jun 30, 2026

Paymenter has race condition in payWithCredit() that enables credit double-spend
Moderate. CVE-2026-55219 was published for paymenter/paymenter (Composer) Jun 30, 2026

Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
Moderate. CVE-2026-48808 was published for twig/twig (Composer) Jun 30, 2026

Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters
Moderate. CVE-2026-48807 was published for twig/twig (Composer) Jun 30, 2026

Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys
Moderate. CVE-2026-48806 was published for twig/twig (Composer) Jun 30, 2026

Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality
Moderate. CVE-2026-49835 was published for github.com/sigstore/timestamp-authority (Go) Jun 30, 2026

CefSharp.Common: `FolderSchemeHandlerFactory` path boundary check can expose files outside the configured root folder
Moderate. CVE-2026-48796 was published for CefSharp.Common (NuGet) Jun 30, 2026

oban_web missing authorization check on `save-job` event handler
Moderate. CVE-2026-48592 was published for oban_web (Erlang) Jun 30, 2026

oban_web: Unbounded range expansion in cron describe causes memory exhaustion
Moderate. CVE-2026-48593 was published for oban_web (Erlang) Jun 30, 2026

Probo has an open redirect bypass via path normalization
Moderate. CVE-2026-49820 was published for go.probo.inc/probo (Go) Jun 30, 2026

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active...
Moderate, Unreviewed. CVE-2026-58174 was published Jun 30, 2026

ProTip! Advisories are also available from the GraphQL API.