GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
701 advisories
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run...
High | Unreviewed | CVE-2024-27890 was published Jun 5, 2026

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run...
High | Unreviewed | CVE-2024-27892 was published Jun 5, 2026

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing...
High | Unreviewed | CVE-2026-50225 was published Jun 4, 2026

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions...
High | Unreviewed | CVE-2026-36603 was published Jun 3, 2026

Cryptographic Issue while processing a specific partition which allows unauthorized write access...
High | Unreviewed | CVE-2026-24088 was published Jun 2, 2026

Cryptographic issue while processing partition table entries allows unauthorized modification of...
High | Unreviewed | CVE-2026-24090 was published Jun 2, 2026

@agenticmail/mcp Missing Authentication for Critical Function
High | GHSA-63gr-g7jc-v8rg was published for @agenticmail/mcp (npm) Jun 1, 2026

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT...
High | Unreviewed | CVE-2026-5768 was published May 29, 2026

Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without...
High | Unreviewed | CVE-2026-49195 was published May 29, 2026

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal...
High | Unreviewed | CVE-2026-46826 was published May 28, 2026

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64...
High | Unreviewed | CVE-2026-8697 was published May 28, 2026

Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
High | CVE-2026-45332 was published for automad/automad (Composer) May 27, 2026

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no...
High | Unreviewed | CVE-2026-48692 was published May 26, 2026

Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
High | CVE-2026-46612 was published for github.com/fission/fission (Go) May 21, 2026

Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS
High | GHSA-vrxg-gm77-7q5g was published for windows-mcp (pip) May 21, 2026

CamoFox MCP: Unauthenticated HTTP MCP browser-control surface
High | GHSA-7hgr-7h44-33w2 was published for camofox-mcp (npm) May 19, 2026

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could...
High | Unreviewed | CVE-2026-8602 was published May 19, 2026

TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection
High | CVE-2026-45327 was published for github.com/DatanoiseTV/tinyice (Go) May 18, 2026

The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to...
High | Unreviewed | CVE-2025-27853 was published May 13, 2026

mem0 server lacks authentication and authorization controls for its memory management API endpoints
High | CVE-2026-31240 was published for mem0ai (pip) May 12, 2026

Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
High | CVE-2026-45089 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026

Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
High | CVE-2026-45088 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026

A remote code execution vulnerability exists in Code Runner MCP Server when run with the -...
High | Unreviewed | CVE-2026-5029 was published May 12, 2026

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected...
High | Unreviewed | CVE-2026-22924 was published May 12, 2026

In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to...
High | Unreviewed | CVE-2026-44413 was published May 11, 2026