GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
641 advisories
Filter by severity
A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the...
Low
Unreviewed
CVE-2026-10812
was published
Jun 4, 2026
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data...
Low
Unreviewed
CVE-2026-10803
was published
Jun 4, 2026
A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the...
Low
Unreviewed
CVE-2026-10804
was published
Jun 4, 2026
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the...
Low
Unreviewed
CVE-2026-10801
was published
Jun 4, 2026
A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is...
Low
Unreviewed
CVE-2026-10800
was published
Jun 4, 2026
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function...
Low
Unreviewed
CVE-2026-10783
was published
Jun 4, 2026
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils...
Low
Unreviewed
CVE-2026-10766
was published
Jun 3, 2026
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication...
High
Unreviewed
CVE-2026-36609
was published
Jun 3, 2026
Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM)...
Moderate
Unreviewed
CVE-2026-49323
was published
May 29, 2026
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic...
Moderate
Unreviewed
CVE-2025-46371
was published
May 26, 2026
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which...
High
Unreviewed
CVE-2026-44053
was published
May 21, 2026
HAXcms: Private Key Disclosure via Broken HMAC Implementation
Critical
CVE-2026-46395
was published
for
@haxtheweb/haxcms-nodejs
(npm)
May 19, 2026
Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
Moderate
CVE-2026-45701
was published
for
sulu/sulu
(Composer)
May 18, 2026
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the...
Moderate
Unreviewed
CVE-2026-8803
was published
May 18, 2026
Insecure generation of credentials in the local SAT (Technical Support) access functionality of...
Critical
Unreviewed
CVE-2026-8072
was published
May 12, 2026
This vulnerability, in the MAXHUB Pivot client application versions
prior to v1.36.2, may allow...
High
Unreviewed
CVE-2026-6411
was published
May 8, 2026
Paramiko rsakey.py allows the SHA-1 algorithm
Low
CVE-2026-44405
was published
for
paramiko
(pip)
May 6, 2026
Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
Low
CVE-2026-7845
was published
for
langchain-chatchat
(pip)
May 5, 2026
A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function...
Moderate
Unreviewed
CVE-2026-7103
was published
Apr 27, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container...
Moderate
Unreviewed
CVE-2026-5926
was published
Apr 23, 2026
Gitea has insecure default SSH settings
Moderate
GHSA-3m6q-h5gj-7mrw
was published
for
code.gitea.io/gitea
(Go)
Apr 22, 2026
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a...
High
Unreviewed
CVE-2026-32959
was published
Apr 20, 2026
Flowise: Weak Default JWT Secrets
Moderate
GHSA-cc4f-hjpj-g9p8
was published
for
flowise
(npm)
Apr 16, 2026
Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules
Moderate
CVE-2026-5588
was published
for
org.bouncycastle:bcpkix-debug-jdk14
(Maven)
Apr 15, 2026
Apache Tomcat: Configured cipher preference order not preserved
High
CVE-2026-29129
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 9, 2026
ProTip!
Advisories are also available from the
GraphQL API