GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
348,257 advisories
Filter by severity
A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 ...
High
Unreviewed
CVE-2026-9588
was published
Jul 17, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution...
High
Unreviewed
CVE-2026-9762
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1...
Critical
Unreviewed
CVE-2026-9198
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user...
Critical
Unreviewed
CVE-2026-9202
was published
Jul 17, 2026
ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically loads and executes...
High
Unreviewed
CVE-2026-57860
was published
Jul 17, 2026
HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing)...
Moderate
Unreviewed
CVE-2026-21760
was published
Jul 17, 2026
Keycloak provides a mechanism called Client Policies to enforce security requirements on clients,...
Moderate
Unreviewed
CVE-2026-16093
was published
Jul 17, 2026
A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This...
Moderate
Unreviewed
CVE-2026-16108
was published
Jul 17, 2026
Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing...
Critical
Unreviewed
CVE-2026-12694
was published
Jul 17, 2026
A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix...
Moderate
Unreviewed
CVE-2026-16103
was published
Jul 17, 2026
Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api...
High
Unreviewed
CVE-2026-63307
was published
Jul 17, 2026
A flaw was found in the admin REST API of Keycloak, a solution for identity and access management...
Moderate
Unreviewed
CVE-2026-16106
was published
Jul 17, 2026
Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows...
High
Unreviewed
CVE-2026-63101
was published
Jul 17, 2026
HCL DevOps Loop is affected by insufficient input validation that allows special characters where...
Low
Unreviewed
CVE-2026-21764
was published
Jul 17, 2026
HCL DevOps Loop is affected by a Cross-Origin Resource Sharing (CORS) misconfiguration. Improper...
Moderate
Unreviewed
CVE-2026-21761
was published
Jul 17, 2026
A flaw was found in the authentication configuration endpoint of the keycloak-services component,...
Moderate
Unreviewed
CVE-2026-16104
was published
Jul 17, 2026
HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce...
Low
Unreviewed
CVE-2026-21762
was published
Jul 17, 2026
TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the...
High
Unreviewed
CVE-2026-63099
was published
Jul 17, 2026
Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low...
High
Unreviewed
CVE-2026-63100
was published
Jul 17, 2026
Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering...
Moderate
Unreviewed
CVE-2026-11763
was published
Jul 17, 2026
Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video...
Critical
Unreviewed
CVE-2026-12693
was published
Jul 17, 2026
Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows...
Critical
Unreviewed
CVE-2026-12692
was published
Jul 17, 2026
Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string...
Unknown
Unreviewed
CVE-2026-9537
was published
Jul 17, 2026
Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video...
High
Unreviewed
CVE-2026-12691
was published
Jul 17, 2026
Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google...
High
Unreviewed
CVE-2026-12715
was published
Jul 17, 2026
ProTip!
Advisories are also available from the
GraphQL API