GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,338
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
131,693 advisories
Filter by severity
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to...
High
Unreviewed
CVE-2026-7755
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files...
High
Unreviewed
CVE-2026-7872
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters...
High
Unreviewed
CVE-2026-8056
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow...
High
Unreviewed
CVE-2026-7667
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery ...
High
Unreviewed
CVE-2026-7754
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the...
High
Unreviewed
CVE-2026-13445
was published
Jul 17, 2026
Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in...
High
Unreviewed
CVE-2026-48373
was published
Jul 17, 2026
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in...
High
Unreviewed
CVE-2026-16118
was published
Jul 17, 2026
IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted...
High
Unreviewed
CVE-2026-9171
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code...
High
Unreviewed
CVE-2026-13448
was published
Jul 17, 2026
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2026-15322
was published
Jul 17, 2026
IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute...
High
Unreviewed
CVE-2026-14499
was published
Jul 17, 2026
IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM...
High
Unreviewed
CVE-2026-13473
was published
Jul 17, 2026
Flask-Reuploaded: Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix variant of CVE-2026-27641)
High
CVE-2026-54567
was published
for
Flask-Reuploaded
(pip)
Jul 17, 2026
Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader
High
CVE-2026-53597
was published
for
@prompty/core
(npm)
Jul 17, 2026
Prompty: Arbitrary file read via file reference expansion
High
CVE-2026-53598
was published
for
@prompty/core
(npm)
Jul 17, 2026
Gitea has insufficient permission checks for Composer package source links
High
CVE-2026-27771
was published
for
code.gitea.io/gitea
(Go)
Jul 17, 2026
meta-ads-mcp: X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token
High
CVE-2026-54547
was published
for
meta-ads-mcp
(pip)
Jul 17, 2026
meta-ads-mcp: Server-Side Request Forgery (SSRF) in `upload_ad_image` via Unrestricted `image_url` Fetch
High
CVE-2026-54549
was published
for
meta-ads-mcp
(pip)
Jul 17, 2026
sh _uid does not drop supplementary groups (incomplete privilege drop)
High
CVE-2026-54552
was published
for
sh
(pip)
Jul 17, 2026
AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High
CVE-2026-11400
was published
for
software.amazon.jdbc:aws-advanced-jdbc-wrapper
(Maven)
Jul 17, 2026
An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox...
High
Unreviewed
CVE-2026-9585
was published
Jul 17, 2026
An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 ...
High
Unreviewed
CVE-2026-9587
was published
Jul 17, 2026
A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 ...
High
Unreviewed
CVE-2026-9588
was published
Jul 17, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution...
High
Unreviewed
CVE-2026-9762
was published
Jul 17, 2026
ProTip!
Advisories are also available from the
GraphQL API