GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
131,736 advisories
Filter by severity
VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path...
High
Unreviewed
CVE-2026-47871
was published
Jul 18, 2026
VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the...
High
Unreviewed
CVE-2026-47866
was published
Jul 18, 2026
VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with...
High
Unreviewed
CVE-2026-47867
was published
Jul 18, 2026
Exposure of private personal information to an unauthorized actor in Windows RDP allows an...
High
Unreviewed
CVE-2026-56171
was published
Jul 18, 2026
Skipper: Incomplete fix for CVE-2026-50197: an oversized body can bypass OPA deny-on-presence Rego policies
High
GHSA-8qqm-fp2q-v734
was published
for
github.com/zalando/skipper
(Go)
Jul 17, 2026
CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard
High
CVE-2026-55177
was published
for
@tak-ps/cloudtak
(npm)
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow...
High
Unreviewed
CVE-2026-7667
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery ...
High
Unreviewed
CVE-2026-7754
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to...
High
Unreviewed
CVE-2026-7755
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files...
High
Unreviewed
CVE-2026-7872
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters...
High
Unreviewed
CVE-2026-8056
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the...
High
Unreviewed
CVE-2026-13445
was published
Jul 17, 2026
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in...
High
Unreviewed
CVE-2026-16118
was published
Jul 17, 2026
Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in...
High
Unreviewed
CVE-2026-48373
was published
Jul 17, 2026
IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted...
High
Unreviewed
CVE-2026-9171
was published
Jul 17, 2026
IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM...
High
Unreviewed
CVE-2026-13473
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code...
High
Unreviewed
CVE-2026-13448
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute...
High
Unreviewed
CVE-2026-14499
was published
Jul 17, 2026
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2026-15322
was published
Jul 17, 2026
Flask-Reuploaded: Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix variant of CVE-2026-27641)
High
CVE-2026-54567
was published
for
Flask-Reuploaded
(pip)
Jul 17, 2026
Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader
High
CVE-2026-53597
was published
for
@prompty/core
(npm)
Jul 17, 2026
Prompty: Arbitrary file read via file reference expansion
High
CVE-2026-53598
was published
for
@prompty/core
(npm)
Jul 17, 2026
Gitea has insufficient permission checks for Composer package source links
High
CVE-2026-27771
was published
for
code.gitea.io/gitea
(Go)
Jul 17, 2026
meta-ads-mcp: X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token
High
CVE-2026-54547
was published
for
meta-ads-mcp
(pip)
Jul 17, 2026
meta-ads-mcp: Server-Side Request Forgery (SSRF) in `upload_ad_image` via Unrestricted `image_url` Fetch
High
CVE-2026-54549
was published
for
meta-ads-mcp
(pip)
Jul 17, 2026
ProTip!
Advisories are also available from the
GraphQL API