GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+
711 advisories
Filter by severity
Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46783
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware ...
Critical
Unreviewed
CVE-2026-46778
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46789
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46801
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46800
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46799
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46798
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46803
was published
Jun 17, 2026
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM Legacy...
Critical
Unreviewed
CVE-2026-46807
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46813
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46845
was published
Jun 17, 2026
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2026-46846
was published
Jun 17, 2026
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:...
Critical
Unreviewed
CVE-2026-46879
was published
Jun 17, 2026
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web...
Critical
Unreviewed
CVE-2026-46905
was published
Jun 17, 2026
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
Critical
CVE-2026-55450
was published
for
langflow
(pip)
Jun 17, 2026
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey...
Critical
Unreviewed
CVE-2026-55196
was published
Jun 17, 2026
PraisonAI: MCP SSE transport binds 0.0.0.0 with no authentication and no Origin validation; bundled SecurityConfig is never wired in
Critical
GHSA-x227-pf99-vffg
was published
for
praisonaiagents
(pip)
Jun 18, 2026
PraisonAI: Unauthenticated RCE via Jobs API + Approval Bypass
Critical
GHSA-4869-x4pr-q22x
was published
for
praisonai
(pip)
Jun 18, 2026
praisonai: recipe serve auth middleware silently disables itself when no secret is set
Critical
GHSA-j4hj-7hfh-g2f4
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
Critical
GHSA-fq2m-6wqh-x44g
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI AgentTeam.launch exposes unauthenticated remote agent listing and invocation endpoints
Critical
GHSA-x8cv-xmq7-p8xp
was published
for
praisonaiagents
(pip)
Jun 18, 2026
PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
Critical
GHSA-892r-p3jq-jp24
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
Critical
GHSA-p75f-6fp4-p57w
was published
for
praisonai
(pip)
Jun 18, 2026
npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
Critical
GHSA-9752-mhqh-h34f
was published
for
praisonai
(npm)
Jun 18, 2026
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
Critical
GHSA-j4f3-55x4-r6q2
was published
for
praisonai
(npm)
Jun 18, 2026
ProTip!
Advisories are also available from the
GraphQL API