Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

711 advisories

Loading
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and... Critical Unreviewed
CVE-2026-54103 was published Jun 18, 2026
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/... Critical Unreviewed
CVE-2026-12046 was published Jun 19, 2026
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to... Critical Unreviewed
CVE-2026-54130 was published Jun 19, 2026
Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests Critical
CVE-2026-48814 was published for network-ai (npm) Jun 19, 2026
SnailSploit Credited to SnailSploit
Tilt: Missing authentication on the network-exposed Tilt HUD server Critical
CVE-2026-55884 was published for github.com/tilt-dev/tilt (Go) Jun 19, 2026
therawdev Credited to therawdev
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430,... Critical Unreviewed
CVE-2026-50242 was published Jun 19, 2026
motionEye: LFI → pass‑the‑hash admin → unsafe restore → unauth action exec (RCE) Critical
GHSA-qxvg-h7q2-hcxh was published for motioneye (pip) Jun 23, 2026
C4spr0x1A Credited to C4spr0x1A and MichaIng MichaIng MichaIng
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account... Critical Unreviewed
CVE-2025-71327 was published Jun 26, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate... Critical Unreviewed
CVE-2026-40702 was published Jun 26, 2026
mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind Critical
CVE-2026-49257 was published for mcp-pinot-server (pip) Jun 26, 2026
raysabee Credited to raysabee and PeledTomer1 PeledTomer1 PeledTomer1
Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api... Critical Unreviewed
CVE-2026-56782 was published Jun 29, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database