GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,857
Maven: 5,000+
npm: 4,488
NuGet: 780
pip: 4,243
Pub: 12
RubyGems: 975
Rust: 1,095
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
24,650 advisories
IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability,...
Critical | Unreviewed | CVE-2026-1363 was published Jan 23, 2026

IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated...
Critical | Unreviewed | CVE-2026-1364 was published Jan 23, 2026

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2026-0773 was published Jan 23, 2026

GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code...
Critical | Unreviewed | CVE-2026-0763 was published Jan 23, 2026

Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution...
Critical | Unreviewed | CVE-2026-0761 was published Jan 23, 2026

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows...
Critical | Unreviewed | CVE-2026-0768 was published Jan 23, 2026

Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code...
Critical | Unreviewed | CVE-2026-0760 was published Jan 23, 2026

Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2026-0769 was published Jan 23, 2026

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code...
Critical | Unreviewed | CVE-2026-0770 was published Jan 23, 2026

Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution...
Critical | Unreviewed | CVE-2026-0759 was published Jan 23, 2026

GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2026-0764 was published Jan 23, 2026

gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2026-0755 was published Jan 23, 2026

github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2026-0756 was published Jan 23, 2026

Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2025-15063 was published Jan 23, 2026

Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability....
Critical | Unreviewed | CVE-2025-15061 was published Jan 23, 2026

Improper access control in Azure Resource Manager allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24304 was published Jan 23, 2026

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2026-24307 was published Jan 23, 2026

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24306 was published Jan 23, 2026

Azure Entra ID Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2026-24305 was published Jan 23, 2026

This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication...
Critical | Unreviewed | CVE-2025-54816 was published Jan 23, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft...
Critical | Unreviewed | CVE-2026-21264 was published Jan 23, 2026

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home...
Critical | Unreviewed | CVE-2026-1201 was published Jan 23, 2026

File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818...
Critical | Unreviewed | CVE-2025-69828 was published Jan 22, 2026

Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv...
Critical | Unreviewed | CVE-2025-69764 was published Jan 22, 2026

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass...
Critical | Unreviewed | CVE-2026-23760 was published Jan 22, 2026
ProTip! Advisories are also available from the GraphQL API.