Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

1,862 advisories

Loading
Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64... High Unreviewed
CVE-2026-8697 was published May 28, 2026
Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection Moderate
CVE-2026-45755 was published for symfony/mailtrap-mailer (Composer) May 28, 2026
alexandre-daubois Credited to alexandre-daubois and unknownhad unknownhad unknownhad
Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection Moderate
CVE-2026-45754 was published for symfony/lox24-notifier (Composer) May 28, 2026
alexandre-daubois Credited to alexandre-daubois, nicolas-grekas, and unknownhad nicolas-grekas nicolas-grekas
unknownhad unknownhad
Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint High
CVE-2026-45332 was published for automad/automad (Composer) May 27, 2026
lorenzocamilli Credited to lorenzocamilli
Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP... Critical Unreviewed
CVE-2026-8364 was published May 27, 2026
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no... High Unreviewed
CVE-2026-48692 was published May 26, 2026
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives High
CVE-2026-46612 was published for github.com/fission/fission (Go) May 21, 2026
j311yl0v3u Credited to j311yl0v3u, b0b0haha, and sanketsudake b0b0haha b0b0haha
sanketsudake sanketsudake
Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS High
GHSA-vrxg-gm77-7q5g was published for windows-mcp (pip) May 21, 2026
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP... Critical Unreviewed
CVE-2026-9152 was published May 21, 2026
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass... Critical Unreviewed
CVE-2026-9141 was published May 20, 2026
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload... Critical Unreviewed
CVE-2026-20223 was published May 20, 2026
CamoFox MCP: Unauthenticated HTTP MCP browser-control surface High
GHSA-7hgr-7h44-33w2 was published for camofox-mcp (npm) May 19, 2026
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes Critical
CVE-2026-46339 was published for 9router (npm) May 19, 2026
sondt99 Credited to sondt99
Kopia: RCE via SSH ProxyCommand Injection Critical
CVE-2026-45695 was published for github.com/kopia/kopia (Go) May 19, 2026
berardinellidaniele Credited to berardinellidaniele
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could... High Unreviewed
CVE-2026-8602 was published May 19, 2026
API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication... Critical Unreviewed
CVE-2026-31071 was published May 19, 2026
Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication Moderate
GHSA-9v4j-7g44-qcqw was published for github.com/xyproto/algernon (Go) May 19, 2026
Dredsen Credited to Dredsen
TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection High
CVE-2026-45327 was published for github.com/DatanoiseTV/tinyice (Go) May 18, 2026
Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass Moderate
CVE-2026-45577 was published for neotoma (npm) May 18, 2026
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows... Critical Unreviewed
CVE-2018-25332 was published May 17, 2026
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows... Critical Unreviewed
CVE-2018-25335 was published May 17, 2026
AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA Moderate
CVE-2026-45610 was published for WWBN/AVideo (Composer) May 15, 2026
offset Credited to offset
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1... Moderate Unreviewed
CVE-2026-45248 was published May 15, 2026
Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure Moderate
CVE-2026-45397 was published for open-webui (pip) May 14, 2026
0xRyuzak1 Credited to 0xRyuzak1
Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker... Moderate Unreviewed
CVE-2025-62619 was published May 14, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database