GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,048 advisories
Filter by severity
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability...
Moderate
Unreviewed
CVE-2026-12673
was published
Jun 20, 2026
Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management...
Moderate
Unreviewed
CVE-2026-56295
was published
Jun 20, 2026
A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function...
Low
Unreviewed
CVE-2026-12797
was published
Jun 21, 2026
@actual-app/sync-server's missing authorization on GET /secret/:name allows non-admin OpenID users to enumerate admin-configured bank-sync secrets
Moderate
CVE-2026-46700
was published
for
@actual-app/sync-server
(npm)
Jun 22, 2026
OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC
High
CVE-2026-45048
was published
for
org.openidentityplatform.openam:openam-core
(Maven)
Jun 23, 2026
Snipe-IT has Improper Authorization in File Deletion (IDOR)
Low
CVE-2026-55519
was published
for
snipe/snipe-it
(Composer)
Jun 23, 2026
OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints
Critical
CVE-2026-45052
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jun 24, 2026
Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
Critical
CVE-2026-55166
was published
for
lemur
(pip)
Jun 25, 2026
Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
Moderate
CVE-2026-49397
was published
for
github.com/nezhahq/nezha
(Go)
Jun 10, 2026
Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)
High
CVE-2026-49338
was published
for
go.senan.xyz/gonic
(Go)
Jun 26, 2026
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This...
Moderate
Unreviewed
CVE-2026-13490
was published
Jun 28, 2026
A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of...
Low
Unreviewed
CVE-2026-13508
was published
Jun 29, 2026
A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function...
Low
Unreviewed
CVE-2026-13512
was published
Jun 29, 2026
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue...
Low
Unreviewed
CVE-2026-13514
was published
Jun 29, 2026
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function...
Low
Unreviewed
CVE-2026-13534
was published
Jun 29, 2026
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected...
Low
Unreviewed
CVE-2026-13549
was published
Jun 29, 2026
OpenAM OAuth Authorization Bypass via PKCE Challenge
Moderate
CVE-2026-48717
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jun 29, 2026
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
High
Unreviewed
CVE-2026-45490
was published
Jun 9, 2026
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for...
Moderate
Unreviewed
CVE-2026-55956
was published
Jun 29, 2026
Improper Authorization vulnerability in Apache ActiveMQ.
An authenticated low-privilege Web...
High
Unreviewed
CVE-2026-49877
was published
Jun 30, 2026
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users...
Moderate
Unreviewed
CVE-2026-56350
was published
Jul 1, 2026
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation...
High
Unreviewed
CVE-2026-56249
was published
Jul 1, 2026
Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts...
High
Unreviewed
CVE-2026-56320
was published
Jul 1, 2026
SurrealDB: `RELATE` overwrites existing edge records without `UPDATE` permission
Moderate
GHSA-f82j-v89j-mf86
was published
for
surrealdb
(Rust)
Jul 1, 2026
SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted
Moderate
CVE-2026-49997
was published
for
surrealdb
(Rust)
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API