GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,338
Maven
5,000+
npm
5,000+
NuGet
1,032
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
164,136 advisories
Filter by severity
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes
Moderate
CVE-2026-53496
was published
for
exifreader
(npm)
Jul 17, 2026
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
Moderate
CVE-2026-54561
was published
for
mcp-memory-keeper
(npm)
Jul 17, 2026
Formie: Missing authorization in administrative settings allows low-privileged CP users to modify plugin configuration
Moderate
GHSA-cvpc-hccg-wmw4
was published
for
verbb/formie
(Composer)
Jul 17, 2026
TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard
Moderate
CVE-2026-54546
was published
for
@tak-ps/cloudtak
(npm)
Jul 17, 2026
plone.restapi: Stored XSS by spoofing mime type
Moderate
GHSA-8rqh-vxpr-x77p
was published
for
plone.restapi
(pip)
Jul 17, 2026
plone.app.textfield: Stored XSS by spoofing mime type
Moderate
CVE-2026-54503
was published
for
plone.app.textfield
(pip)
Jul 17, 2026
Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the...
Moderate
Unreviewed
CVE-2026-63308
was published
Jul 17, 2026
SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing...
Moderate
Unreviewed
CVE-2026-63309
was published
Jul 17, 2026
HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing)...
Moderate
Unreviewed
CVE-2026-21760
was published
Jul 17, 2026
Keycloak provides a mechanism called Client Policies to enforce security requirements on clients,...
Moderate
Unreviewed
CVE-2026-16093
was published
Jul 17, 2026
A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This...
Moderate
Unreviewed
CVE-2026-16108
was published
Jul 17, 2026
A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix...
Moderate
Unreviewed
CVE-2026-16103
was published
Jul 17, 2026
A flaw was found in the admin REST API of Keycloak, a solution for identity and access management...
Moderate
Unreviewed
CVE-2026-16106
was published
Jul 17, 2026
HCL DevOps Loop is affected by a Cross-Origin Resource Sharing (CORS) misconfiguration. Improper...
Moderate
Unreviewed
CVE-2026-21761
was published
Jul 17, 2026
A flaw was found in the authentication configuration endpoint of the keycloak-services component,...
Moderate
Unreviewed
CVE-2026-16104
was published
Jul 17, 2026
Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering...
Moderate
Unreviewed
CVE-2026-11763
was published
Jul 17, 2026
TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that...
Moderate
Unreviewed
CVE-2026-63098
was published
Jul 17, 2026
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows...
Moderate
Unreviewed
CVE-2026-63096
was published
Jul 17, 2026
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate
Unreviewed
CVE-2026-15007
was published
Jul 17, 2026
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate
Unreviewed
CVE-2026-15783
was published
Jul 17, 2026
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context...
Moderate
Unreviewed
CVE-2026-63097
was published
Jul 17, 2026
Skipper: Unbounded Request Body Read in Admission Webhook Causes Memory Exhaustion DoS
Moderate
CVE-2026-54247
was published
for
github.com/zalando/skipper
(Go)
Jul 17, 2026
vLLM: Speech-to-text upload size limit is enforced after full UploadFile read
Moderate
CVE-2026-55646
was published
for
vllm
(pip)
Jul 17, 2026
vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models
Moderate
CVE-2026-34760
was published
for
vllm
(pip)
Jul 17, 2026
A flaw was found in the keycloak-services component of Red Hat Build of Keycloak. The issue...
Moderate
Unreviewed
CVE-2026-16089
was published
Jul 17, 2026
ProTip!
Advisories are also available from the
GraphQL API