GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,646 advisories
Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
Moderate, CVE-2026-48808 was published for twig/twig (Composer), Jun 30, 2026

Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters
Moderate, CVE-2026-48807 was published for twig/twig (Composer), Jun 30, 2026

Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys
Moderate, CVE-2026-48806 was published for twig/twig (Composer), Jun 30, 2026

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect...
Critical, Unreviewed, CVE-2026-48286 was published Jun 30, 2026

Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook
High, CVE-2026-49824 was published for github.com/fission/fission (Go), Jun 30, 2026

Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
High, CVE-2026-49823 was published for github.com/fission/fission (Go), Jun 30, 2026

@cedar-policy/authorization-for-expressjs has an authorization bypass via query string manipulation
High, CVE-2026-49473 was published for @cedar-policy/authorization-for-expressjs (npm), Jun 30, 2026

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated...
Moderate, Unreviewed, CVE-2026-57953 was published Jun 29, 2026

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
High, Unreviewed, CVE-2026-57950 was published Jun 29, 2026

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table...
High, Unreviewed, CVE-2026-57951 was published Jun 29, 2026

RustDesk gates incoming control messages on per-capability flags rather than on the session's...
High, Unreviewed, CVE-2026-58056 was published Jun 28, 2026

Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors
Low, CVE-2026-54244 was published for statamic/cms (Composer), Jun 26, 2026

Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context
Moderate, CVE-2026-53521 was published for github.com/nezhahq/nezha (Go), Jun 26, 2026

Authelia has an Edge Case Access Control Rule Mismatch
Low, CVE-2026-48794 was published for github.com/authelia/authelia/v4 (Go), Jun 26, 2026

Blnk has an API key authorization bypass in owner and scope enforcement
High, GHSA-wcr3-9x4c-f5gj was published for github.com/blnkfinance/blnk (Go), Jun 26, 2026

Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources
Moderate, CVE-2026-49288 was published for statamic/cms (Composer), Jun 26, 2026

Fleet DM Vulnerable to Cross-Team Policy Data Exposure via Global Policy Read Endpoint
Moderate, CVE-2026-41262 was published for github.com/fleetdm/fleet/v4 (Go), Jun 26, 2026

golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement
Critical, CVE-2026-46595 was published for golang.org/x/crypto/ssh (Go), Jun 25, 2026

Lemur Privilege Escalation: Non-admin role members can rewrite role membership via PUT /api/1/roles/<id>
Moderate, CVE-2026-55163 was published for lemur (pip), Jun 25, 2026

ImageMagick: Policy Bypass can read disallowed files via symlink
Moderate, CVE-2026-49219 was published for Magick.NET-Q16-AnyCPU (NuGet), Jun 25, 2026

Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission
High, CVE-2026-48508 was published for lemur (pip), Jun 25, 2026

LangGraph SDK has unsafe URL path construction
Moderate, CVE-2026-48776 was published for langgraph-sdk (pip), Jun 25, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6,...
Moderate, Unreviewed, CVE-2026-5796 was published Jun 25, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6,...
Moderate, Unreviewed, CVE-2026-5952 was published Jun 25, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0...
Low, Unreviewed, CVE-2026-0934 was published Jun 25, 2026

ProTip! Advisories are also available from the GraphQL API