GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
286 advisories
Filter by severity
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing...
Moderate
Unreviewed
CVE-2026-61428
was published
Jul 11, 2026
n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks...
Moderate
Unreviewed
CVE-2026-56360
was published
Jul 8, 2026
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate
Unreviewed
CVE-2026-45489
was published
Jul 3, 2026
GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward
Moderate
CVE-2026-45045
was published
for
github.com/gofiber/fiber/v2
(Go)
Jul 2, 2026
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote...
Moderate
Unreviewed
CVE-2026-14381
was published
Jul 2, 2026
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-14118
was published
Jul 1, 2026
Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-13985
was published
Jul 1, 2026
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-13984
was published
Jul 1, 2026
chi Has an IP Spoofing Vulnerability in `middleware.RealIP`
Moderate
GHSA-3fxj-6jh8-hvhx
was published
for
github.com/go-chi/chi/v5/middleware
(Go)
Jun 25, 2026
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS,...
Moderate
Unreviewed
CVE-2026-52690
was published
Jun 25, 2026
n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes
Moderate
CVE-2026-54308
was published
for
n8n
(npm)
Jun 16, 2026
Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.
Moderate
Unreviewed
CVE-2026-42662
was published
Jun 15, 2026
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction...
Moderate
Unreviewed
CVE-2026-34025
was published
Jun 15, 2026
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media...
Moderate
Unreviewed
CVE-2026-5792
was published
Jun 12, 2026
NocoDB: Cross-Workspace Integration Use in Connection Test
Moderate
CVE-2026-47381
was published
for
nocodb
(npm)
Jun 5, 2026
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53...
Moderate
Unreviewed
CVE-2026-11019
was published
Jun 5, 2026
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote...
Moderate
Unreviewed
CVE-2026-11001
was published
Jun 5, 2026
Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment
Moderate
CVE-2026-48016
was published
for
shopware/core
(Composer)
Jun 4, 2026
Matrix Rust SDK: Sender-binding gaps in to-device and room-key attribution
Moderate
CVE-2026-45056
was published
for
matrix-sdk-crypto
(Rust)
Jun 4, 2026
Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret
Moderate
CVE-2026-44476
was published
for
doorkeeper-openid_connect
(RubyGems)
Jun 4, 2026
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
Moderate
CVE-2026-45074
was published
for
symfony/security-http
(Composer)
May 27, 2026
Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151 and...
Moderate
Unreviewed
CVE-2026-8961
was published
May 19, 2026
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in...
Moderate
Unreviewed
CVE-2026-8951
was published
May 19, 2026
Fleet: IP spoofing allows bypassing API rate limiting
Moderate
CVE-2026-46356
was published
for
github.com/fleetdm/fleet/v4
(Go)
May 14, 2026
Fleet has a rate limiting bypass via untrusted client IP headers
Moderate
CVE-2026-24000
was published
for
github.com/fleetdm/fleet/v4
(Go)
May 14, 2026
ProTip!
Advisories are also available from the
GraphQL API