GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
118,217 advisories
UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme ...
High
Unreviewed
CVE-2026-7830 was published Jul 1, 2026
UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in...
High
Unreviewed
CVE-2026-7838 was published Jul 1, 2026
The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is...
High
Unreviewed
CVE-2026-13731 was published Jul 1, 2026
UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB...
High
Unreviewed
CVE-2026-7831 was published Jul 1, 2026
UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow...
High
Unreviewed
CVE-2026-7829 was published Jul 1, 2026
The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross...
High
Unreviewed
CVE-2026-7517 was published Jul 1, 2026
The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up...
High
Unreviewed
CVE-2026-12923 was published Jul 1, 2026
The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is...
High
Unreviewed
CVE-2026-13468 was published Jul 1, 2026
An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR ...
High
Unreviewed
CVE-2026-14191 was published Jul 1, 2026
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController:...
High
Unreviewed
CVE-2026-57995 was published Jul 1, 2026
Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion...
High
Unreviewed
CVE-2026-56286 was published Jul 1, 2026
Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist...
High
Unreviewed
CVE-2026-56328 was published Jul 1, 2026
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation...
High
Unreviewed
CVE-2026-56249 was published Jul 1, 2026
Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts...
High
Unreviewed
CVE-2026-56320 was published Jul 1, 2026
Capgo before 12.128.2 contains unauthenticated security definer RPC functions get_user_id and...
High
Unreviewed
CVE-2026-56300 was published Jul 1, 2026
Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that...
High
Unreviewed
CVE-2026-56233 was published Jul 1, 2026
Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without...
High
Unreviewed
CVE-2026-56247 was published Jul 1, 2026
Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public...
High
Unreviewed
CVE-2026-56219 was published Jul 1, 2026
Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey...
High
Unreviewed
CVE-2026-56230 was published Jul 1, 2026
picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when...
High
Unreviewed
CVE-2025-71374 was published Jul 1, 2026
picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle...
High
Unreviewed
CVE-2025-71368 was published Jul 1, 2026
picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when...
High
Unreviewed
CVE-2025-71352 was published Jul 1, 2026
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter...
High
Unreviewed
CVE-2025-71371 was published Jul 1, 2026
picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing...
High
Unreviewed
CVE-2025-71349 was published Jul 1, 2026
yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that...
High
Unreviewed
CVE-2026-58448 was published Jul 1, 2026
ProTip! Advisories are also available from the GraphQL API.