Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

31,885 advisories

Loading
Pheditor: Hardcoded default password 'admin' with no forced change enables full application compromise Critical
CVE-2026-55579 was published for pheditor/pheditor (Composer) Jul 16, 2026
sondt99 Credited to sondt99
Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure Critical
CVE-2026-53713 was published for github.com/envoyproxy/gateway (Go) Jul 16, 2026
rudrakhp Credited to rudrakhp and dashingDragon dashingDragon dashingDragon
gree/jose - "None" Algorithm treated as valid in tokens Critical
GHSA-9gxv-x7rp-r2hc was published for gree/jose (Composer) May 15, 2024
RainSignal Credited to RainSignal
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding... Critical Unreviewed
CVE-2026-10840 was published Jun 4, 2026
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server... Critical Unreviewed
CVE-2026-30618 was published Jul 16, 2026
ProTip! Advisories are also available from the GraphQL API