GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
447 advisories
Filter by severity
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing...
Moderate
Unreviewed
CVE-2026-61428
was published
Jul 11, 2026
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module...
Low
Unreviewed
CVE-2026-8651
was published
Jul 8, 2026
n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks...
Moderate
Unreviewed
CVE-2026-56360
was published
Jul 8, 2026
Authentication Bypass by Spoofing vulnerability in Apache IoTDB.
Certain Thrift RPC query...
Critical
Unreviewed
CVE-2026-24013
was published
Jul 6, 2026
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate
Unreviewed
CVE-2026-45489
was published
Jul 3, 2026
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote...
Moderate
Unreviewed
CVE-2026-14381
was published
Jul 2, 2026
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated...
High
Unreviewed
CVE-2026-58593
was published
Jul 1, 2026
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication....
Critical
Unreviewed
CVE-2026-24270
was published
Jul 1, 2026
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-14118
was published
Jul 1, 2026
Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-13985
was published
Jul 1, 2026
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-13984
was published
Jul 1, 2026
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path...
High
Unreviewed
CVE-2026-13207
was published
Jun 30, 2026
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author....
Critical
Unreviewed
CVE-2026-58370
was published
Jun 30, 2026
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS,...
Moderate
Unreviewed
CVE-2026-52690
was published
Jun 25, 2026
Authentication Bypass by Spoofing vulnerability in opa plugin.
An attacker could relay spoofed...
Low
Unreviewed
CVE-2026-49231
was published
Jun 19, 2026
Authentication Bypass by Spoofing vulnerability in Apache APISIX.
The attacker can completely...
High
Unreviewed
CVE-2026-39999
was published
Jun 19, 2026
The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user...
Critical
Unreviewed
CVE-2026-56020
was published
Jun 18, 2026
Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header...
High
Unreviewed
CVE-2026-55202
was published
Jun 17, 2026
Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.
Moderate
Unreviewed
CVE-2026-42662
was published
Jun 15, 2026
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
High
Unreviewed
CVE-2026-27089
was published
Jun 15, 2026
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization...
Critical
Unreviewed
CVE-2026-36537
was published
Jun 15, 2026
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction...
Moderate
Unreviewed
CVE-2026-34025
was published
Jun 15, 2026
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local...
High
Unreviewed
CVE-2026-53832
was published
Jun 13, 2026
OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming...
High
Unreviewed
CVE-2026-53833
was published
Jun 13, 2026
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature...
High
Unreviewed
CVE-2026-53823
was published
Jun 13, 2026
ProTip!
Advisories are also available from the
GraphQL API