Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20322
Total
1466
Critical
6160
High
6453
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-58424 | HIGH | 8.9 | Permanent Fork PR Workflow Approval Gate Bypass | Jul 03, 2026 |
| CVE-2026-58423 | HIGH | 7.7 | LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | Jul 03, 2026 |
| CVE-2026-58422 | UNKNOWN | — | Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | Jul 03, 2026 |
| CVE-2026-58421 | UNKNOWN | — | Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | Jul 03, 2026 |
| CVE-2026-58419 | UNKNOWN | — | Notification API leaks private issue metadata after access revocation | Jul 03, 2026 |
| CVE-2026-58418 | MEDIUM | 6.5 | SSRF via HTTP Redirect in Repository Migration | Jul 03, 2026 |
| CVE-2026-58300 | MEDIUM | 6.2 | Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. | Jul 03, 2026 |
| CVE-2026-58299 | HIGH | 7.5 | Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58298 | HIGH | 7.2 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 03, 2026 |
| CVE-2026-58297 | HIGH | 7.1 | Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. | Jul 03, 2026 |
| CVE-2026-58296 | HIGH | 7.1 | Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. | Jul 03, 2026 |
| CVE-2026-58295 | HIGH | 8.3 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | Jul 03, 2026 |
| CVE-2026-58294 | HIGH | 7.5 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58293 | HIGH | 8.1 | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58292 | HIGH | 7.5 | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58291 | MEDIUM | 6.1 | Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | Jul 03, 2026 |
| CVE-2026-58290 | HIGH | 7.5 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58289 | CRITICAL | 9.0 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58288 | HIGH | 8.3 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58287 | HIGH | 8.3 | Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58286 | HIGH | 8.1 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 03, 2026 |
| CVE-2026-58285 | HIGH | 8.3 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58284 | HIGH | 8.3 | Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Jul 03, 2026 |
| CVE-2026-58283 | HIGH | 8.1 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 03, 2026 |
| CVE-2026-58282 | HIGH | 8.1 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Jul 03, 2026 |