GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,092
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,414
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
301 advisories
Vulnerability involving the exposure of sensitive data provided without adequate protection. The...
Critical | Unreviewed | CVE-2026-7166 was published Jun 22, 2026

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
Critical | CVE-2026-55447 was published for langflow (pip) Jun 19, 2026

PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
Critical | GHSA-892r-p3jq-jp24 was published for praisonai (pip) Jun 18, 2026

Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
Critical | CVE-2026-55450 was published for langflow (pip) Jun 17, 2026

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web...
Critical | Unreviewed | CVE-2026-46912 was published Jun 17, 2026

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure....
Critical | Unreviewed | CVE-2026-40965 was published Jun 2, 2026

HAXcms: Private Key Disclosure via Broken HMAC Implementation
Critical | CVE-2026-46395 was published for @haxtheweb/haxcms-nodejs (npm) May 19, 2026

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an...
Critical | Unreviewed | CVE-2026-41615 was published May 14, 2026

Strapi may leak sensitive data via relational filtering due to lack of query sanitization
Critical | CVE-2026-27886 was published for @strapi/strapi (npm) May 14, 2026

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an...
Critical | Unreviewed | CVE-2026-40379 was published May 12, 2026

sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
Critical | CVE-2026-45091 was published for io.github.davidalmeidac:sealed-env-core (Maven) May 12, 2026

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to...
Critical | Unreviewed | CVE-2026-25199 was published May 8, 2026

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized...
Critical | Unreviewed | CVE-2026-42826 was published May 8, 2026

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
Critical | CVE-2026-42880 was published for github.com/argoproj/argo-cd/v3 (Go) May 7, 2026

Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Critical | GHSA-9h64-2846-7x7f was published for github.com/getaxonflow/axonflow (Go) May 6, 2026

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path...
Critical | Unreviewed | CVE-2026-7381 was published Apr 30, 2026

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Critical | GHSA-wpqr-6v78-jr5g was published for @google/gemini-cli (GitHub Actions) Apr 24, 2026

Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars
Critical | CVE-2026-41492 was published for github.com/dgraph-io/dgraph (Go) Apr 24, 2026

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an...
Critical | Unreviewed | CVE-2026-21515 was published Apr 24, 2026

Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints
Critical | CVE-2026-40173 was published for github.com/dgraph-io/dgraph (Go) Apr 16, 2026

Pyroscope Exposes Storage Secret
Critical | CVE-2025-41118 was published for github.com/grafana/pyroscope (Go) Apr 15, 2026

A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An...
Critical | Unreviewed | CVE-2026-5128 was published Mar 30, 2026

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote,...
Critical | Unreviewed | CVE-2025-60949 was published Mar 24, 2026

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the...
Critical | Unreviewed | CVE-2026-32865 was published Mar 19, 2026

HAPI FHIR HTTP authentication leak in redirects
Critical | CVE-2026-33180 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 18, 2026
ProTip! Advisories are also available from the GraphQL API