GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,862 advisories
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A...
Critical | Unreviewed | CVE-2025-71318 was published Jun 5, 2026

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an...
Moderate | Unreviewed | CVE-2026-11238 was published Jun 5, 2026

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run...
High | Unreviewed | CVE-2024-27890 was published Jun 5, 2026

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run...
High | Unreviewed | CVE-2024-27892 was published Jun 5, 2026

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution...
Critical | Unreviewed | CVE-2026-25550 was published Jun 4, 2026

epa4all-client: Unauthenticated REST API for Patient Record Writes
Moderate | CVE-2026-47672 was published for com.oviva.telematik:epa4all-rest-service (Maven) Jun 4, 2026

Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets
Moderate | CVE-2026-47671 was published for github.com/nhost/nhost (Go) Jun 4, 2026

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that...
Critical | Unreviewed | CVE-2019-25738 was published Jun 4, 2026

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing...
High | Unreviewed | CVE-2026-50225 was published Jun 4, 2026

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions...
High | Unreviewed | CVE-2026-36603 was published Jun 3, 2026

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an...
Critical | Unreviewed | CVE-2026-0611 was published Jun 2, 2026

Cryptographic Issue while processing a specific partition which allows unauthorized write access...
High | Unreviewed | CVE-2026-24088 was published Jun 2, 2026

Cryptographic issue while processing partition table entries allows unauthorized modification of...
High | Unreviewed | CVE-2026-24090 was published Jun 2, 2026

@agenticmail/mcp Missing Authentication for Critical Function
High | GHSA-63gr-g7jc-v8rg was published for @agenticmail/mcp (npm) Jun 1, 2026

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2018-25412 was published May 30, 2026

PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
Critical | CVE-2026-47391 was published for PraisonAI (pip) May 29, 2026

PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
Critical | CVE-2026-47393 was published for PraisonAI (pip) May 29, 2026

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
Critical | CVE-2026-47396 was published for PraisonAI (pip) May 29, 2026

Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
Moderate | CVE-2026-47212 was published for symfony/symfony (Composer) May 29, 2026

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard...
Critical | Unreviewed | CVE-2026-9051 was published May 29, 2026

Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection
Moderate | CVE-2026-47122 was published for github.com/sparkle-project/Sparkle (Swift) May 29, 2026

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT...
High | Unreviewed | CVE-2026-5768 was published May 29, 2026

Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without...
High | Unreviewed | CVE-2026-49195 was published May 29, 2026

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator...
Critical | Unreviewed | CVE-2026-8732 was published May 29, 2026

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal...
High | Unreviewed | CVE-2026-46826 was published May 28, 2026

ProTip! Advisories are also available from the GraphQL API