GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,175
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
4,356 advisories
Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the...
Severity: Unknown | Unreviewed | CVE-2026-55955 was published Jun 29, 2026
OpenAM OAuth Client Impersonation via JWKS Resolver Cache
Severity: High | CVE-2026-47426 was published for org.openidentityplatform.openam:openam-oauth2 (Maven), Jun 29, 2026
A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an...
Severity: Low | Unreviewed | CVE-2026-13543 was published Jun 29, 2026
A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of...
Severity: Moderate | Unreviewed | CVE-2026-13546 was published Jun 29, 2026
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass
Severity: Critical | CVE-2026-49454 was published for relyra (Erlang), Jun 26, 2026
TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished...
Severity: Moderate | Unreviewed | CVE-2026-55962 was published Jun 26, 2026
Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the...
Severity: Moderate | Unreviewed | CVE-2026-11703 was published Jun 26, 2026
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for...
Severity: Moderate | Unreviewed | CVE-2026-13208 was published Jun 24, 2026
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server...
Severity: High | Unreviewed | CVE-2026-12112 was published Jun 23, 2026
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129....
Severity: Low | Unreviewed | CVE-2026-44961 was published Jun 23, 2026
Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API...
Severity: Moderate | Unreviewed | CVE-2026-34917 was published Jun 23, 2026
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus,...
Severity: Critical | Unreviewed | CVE-2026-11374 was published Jun 23, 2026
motionEye: Authentication possible via password hash
Severity: Critical | CVE-2026-46488 was published for motioneye (pip), Jun 22, 2026
Paymenter doesn't reset email verification status after email change
Severity: Moderate | CVE-2026-44584 was published for paymenter/paymenter (Composer), Jun 22, 2026
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected...
Severity: Critical | Unreviewed | CVE-2026-7664 was published Jun 22, 2026
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass...
Severity: High | Unreviewed | CVE-2026-10845 was published Jun 22, 2026
A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json...
Severity: Moderate | Unreviewed | CVE-2026-12795 was published Jun 21, 2026
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function...
Severity: Moderate | Unreviewed | CVE-2026-12773 was published Jun 21, 2026
AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's...
Severity: Critical | Unreviewed | CVE-2026-56345 was published Jun 20, 2026
capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where...
Severity: Moderate | Unreviewed | CVE-2026-56294 was published Jun 20, 2026
Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin...
Severity: Moderate | Unreviewed | CVE-2026-56080 was published Jun 20, 2026
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate...
Severity: Critical | Unreviewed | CVE-2026-45480 was published Jun 19, 2026
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
Severity: High | CVE-2026-54781 was published for CoreWCF.Primitives (NuGet), Jun 19, 2026
Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a...
Severity: Moderate | Unreviewed | CVE-2026-49872 was published Jun 19, 2026
OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset
Severity: Moderate | CVE-2026-55689 was published for github.com/openfga/openfga (Go), Jun 19, 2026
ProTip! Advisories are also available from the GraphQL API.