Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

711 advisories

Loading
Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46783 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware ... Critical Unreviewed
CVE-2026-46778 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46789 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46801 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46800 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46799 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46798 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46803 was published Jun 17, 2026
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM Legacy... Critical Unreviewed
CVE-2026-46807 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46813 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46845 was published Jun 17, 2026
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2026-46846 was published Jun 17, 2026
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:... Critical Unreviewed
CVE-2026-46879 was published Jun 17, 2026
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... Critical Unreviewed
CVE-2026-46905 was published Jun 17, 2026
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak Critical
CVE-2026-55450 was published for langflow (pip) Jun 17, 2026
vbCrLf Credited to vbCrLf, Jkavia, erichare, AntonioABLima, andifilhohub, and Adam-Aghili Jkavia Jkavia
erichare erichare AntonioABLima AntonioABLima andifilhohub andifilhohub Adam-Aghili Adam-Aghili
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey... Critical Unreviewed
CVE-2026-55196 was published Jun 17, 2026
PraisonAI: MCP SSE transport binds 0.0.0.0 with no authentication and no Origin validation; bundled SecurityConfig is never wired in Critical
GHSA-x227-pf99-vffg was published for praisonaiagents (pip) Jun 18, 2026
sour-exploit Credited to sour-exploit
PraisonAI: Unauthenticated RCE via Jobs API + Approval Bypass Critical
GHSA-4869-x4pr-q22x was published for praisonai (pip) Jun 18, 2026
lc13n Credited to lc13n
praisonai: recipe serve auth middleware silently disables itself when no secret is set Critical
GHSA-j4hj-7hfh-g2f4 was published for praisonai (pip) Jun 18, 2026
SnailSploit Credited to SnailSploit
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication Critical
GHSA-fq2m-6wqh-x44g was published for praisonai (pip) Jun 18, 2026
SnailSploit Credited to SnailSploit
PraisonAI AgentTeam.launch exposes unauthenticated remote agent listing and invocation endpoints Critical
GHSA-x8cv-xmq7-p8xp was published for praisonaiagents (pip) Jun 18, 2026
rexpository Credited to rexpository
PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation Critical
GHSA-892r-p3jq-jp24 was published for praisonai (pip) Jun 18, 2026
rexpository Credited to rexpository
PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai Critical
GHSA-p75f-6fp4-p57w was published for praisonai (pip) Jun 18, 2026
huslayer826 Credited to huslayer826
npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation Critical
GHSA-9752-mhqh-h34f was published for praisonai (npm) Jun 18, 2026
rexpository Credited to rexpository
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call Critical
GHSA-j4f3-55x4-r6q2 was published for praisonai (npm) Jun 18, 2026
rexpository Credited to rexpository
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database