GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
597 advisories
Filter by severity
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
High
CVE-2026-54781
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
High
CVE-2026-54774
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
containerd: CRI checkpoint import allows local image tag poisoning
Moderate
CVE-2026-50195
was published
for
github.com/containerd/containerd/v2
(Go)
Jun 19, 2026
symfony/ux-live-component: LiveComponentHydrator HMAC checksum lacks component and slot binding
Low
CVE-2026-49212
was published
for
symfony/ux-live-component
(Composer)
Jun 19, 2026
Insufficient Verification of Data Authenticity vulnerability in Apache APISIX.
The openid...
Moderate
Unreviewed
CVE-2026-44087
was published
Jun 19, 2026
Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream
High
CVE-2026-55883
was published
for
github.com/tilt-dev/tilt
(Go)
Jun 19, 2026
PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
High
GHSA-jc38-x7x8-2xc8
was published
for
web-token/jwt-bundle
(Composer)
Jun 18, 2026
PraisonAI: Webhook signature verification skipped (fail-open) when secret unset, allowing forged inbound webhooks (WhatsApp & Linear bots)
High
GHSA-x92v-rpx6-p6cw
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI DiscordApproval accepts unrelated channel messages as dangerous-tool approvals
High
GHSA-8579-rgg5-ph2m
was published
for
praisonai
(pip)
Jun 18, 2026
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a...
Moderate
Unreviewed
CVE-2026-53899
was published
Jun 16, 2026
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP...
Moderate
Unreviewed
CVE-2026-53900
was published
Jun 16, 2026
hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`
Moderate
CVE-2026-54288
was published
for
hono
(npm)
Jun 16, 2026
@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
High
CVE-2026-54266
was published
for
@angular/common
(npm)
Jun 15, 2026
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for...
High
Unreviewed
CVE-2026-53406
was published
Jun 12, 2026
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
Moderate
CVE-2026-48096
was published
for
github.com/openfga/openfga
(Go)
Jun 11, 2026
Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Critical
CVE-2026-48063
was published
for
@whiskeysockets/baileys
(npm)
Jun 10, 2026
vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
Moderate
CVE-2026-47155
was published
for
vllm
(pip)
Jun 10, 2026
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
High
CVE-2026-47737
was published
for
puma
(RubyGems)
Jun 9, 2026
Netty has Insufficient Bailiwick Validation for NS Records
High
CVE-2026-47691
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
High
CVE-2026-45674
was published
for
io.netty:netty-resolver-dns
(Maven)
Jun 8, 2026
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More...
Moderate
Unreviewed
CVE-2026-7792
was published
Jun 6, 2026
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2026-8608
was published
Jun 6, 2026
WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
High
CVE-2026-47696
was published
for
WWBN/AVideo
(Composer)
Jun 4, 2026
Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending
High
CVE-2026-45337
was published
for
better-auth
(npm)
Jun 4, 2026
matrix-sdk-ui: Incomplete edit validation
Moderate
CVE-2026-45057
was published
for
matrix-sdk-ui
(Rust)
Jun 4, 2026
ProTip!
Advisories are also available from the
GraphQL API