GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31,885 advisories
Filter by severity
LiteLLM: Authentication Bypass via Host Header Injection
Critical
CVE-2026-49468
was published
for
litellm
(pip)
Jun 16, 2026
Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
Critical
CVE-2026-44727
was published
for
jupyter-server
(pip)
Jun 18, 2026
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
Critical
CVE-2026-55518
was published
for
avo
(RubyGems)
Jun 17, 2026
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table...
Critical
Unreviewed
CVE-2025-71392
was published
Jul 18, 2026
The urwid web display backend (urwid/display/web.py) generates web session identifiers (urwid_id)...
Critical
Unreviewed
CVE-2026-9323
was published
Jul 18, 2026
SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception:...
Critical
Unreviewed
CVE-2024-58366
was published
Jul 18, 2026
In the Linux kernel, the following vulnerability has been resolved:
net: rds: clear i_sends on...
Critical
Unreviewed
CVE-2026-53355
was published
Jul 1, 2026
VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with...
Critical
Unreviewed
CVE-2026-47865
was published
Jul 18, 2026
In the Linux kernel, the following vulnerability has been resolved:
xfrm: iptfs: preserve shared...
Critical
Unreviewed
CVE-2026-53363
was published
Jul 10, 2026
Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library.
...
Critical
Unreviewed
CVE-2026-3031
was published
Jul 16, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in...
Critical
Unreviewed
CVE-2026-8481
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication...
Critical
Unreviewed
CVE-2026-8505
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files...
Critical
Unreviewed
CVE-2026-8859
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or...
Critical
Unreviewed
CVE-2026-13446
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in...
Critical
Unreviewed
CVE-2026-8476
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to...
Critical
Unreviewed
CVE-2026-8635
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access...
Critical
Unreviewed
CVE-2026-9103
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit...
Critical
Unreviewed
CVE-2026-9135
was published
Jul 17, 2026
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary...
Critical
Unreviewed
CVE-2026-15091
was published
Jul 17, 2026
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead.
The...
Critical
Unreviewed
CVE-2026-57074
was published
Jul 16, 2026
libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML...
Critical
Unreviewed
CVE-2026-51080
was published
Jul 17, 2026
Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute...
Critical
Unreviewed
CVE-2026-51807
was published
Jul 15, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user...
Critical
Unreviewed
CVE-2026-9202
was published
Jul 17, 2026
An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 ...
Critical
Unreviewed
CVE-2026-9586
was published
Jul 17, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-8297
was published
Jul 17, 2026
ProTip!
Advisories are also available from the
GraphQL API