GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,691 advisories
AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php
Moderate
CVE-2026-35450 was published for wwbn/avideo (Composer) Apr 4, 2026

Signal K Server: Unauthenticated Source Priorities Manipulation
Moderate
CVE-2026-33951 was published for signalk-server (npm) Apr 3, 2026

A specific administrative endpoint notifications is accessible without proper authentication.
Moderate
Unreviewed
CVE-2026-28767 was published Apr 3, 2026

A specific administrative endpoint is accessible without proper authentication, exposing device...
High
Unreviewed
CVE-2026-32646 was published Apr 3, 2026

A specific endpoint exposes all user account information for registered Gardyn users without...
Critical
Unreviewed
CVE-2026-28766 was published Apr 3, 2026

In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by...
Critical
Unreviewed
CVE-2026-0545 was published Apr 3, 2026

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker...
Critical
Unreviewed
CVE-2026-32211 was published Apr 3, 2026

HiOS Switch Platform contains a denial-of-service vulnerability in the web interface that allows...
Critical
Unreviewed
CVE-2025-15620 was published Apr 2, 2026

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's...
Moderate
Unreviewed
CVE-2026-29132 was published Apr 2, 2026

HCL BigFix Platform is affected by insufficient authentication. The application might allow...
Moderate
Unreviewed
CVE-2026-21767 was published Apr 2, 2026

PraisonAI Has Missing Authentication in WebSocket Gateway
Critical
CVE-2026-34952 was published for praisonai (pip) Apr 1, 2026

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
Moderate
CVE-2026-34732 was published for wwbn/avideo (Composer) Apr 1, 2026

AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php
High
CVE-2026-34731 was published for wwbn/avideo (Composer) Apr 1, 2026

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the...
Moderate
Unreviewed
CVE-2026-34999 was published Apr 1, 2026

Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface
Moderate
CVE-2026-34227 was published for github.com/bishopfox/sliver (Go) Mar 31, 2026

The MAVLink communication protocol does not require cryptographic authentication by default....
Critical
Unreviewed
CVE-2026-1579 was published Mar 31, 2026

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows...
Critical
Unreviewed
CVE-2026-3356 was published Mar 31, 2026

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
Critical
CVE-2026-33032 was published for github.com/0xJacky/Nginx-UI (Go) Mar 30, 2026

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated...
High
Unreviewed
CVE-2018-25224 was published Mar 28, 2026

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated...
High
Unreviewed
CVE-2018-25225 was published Mar 28, 2026

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without...
Moderate
Unreviewed
CVE-2026-34411 was published Mar 27, 2026

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may...
Moderate
Unreviewed
CVE-2026-33366 was published Mar 27, 2026

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows...
Moderate
Unreviewed
CVE-2026-3527 was published Mar 26, 2026

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the ...
High
Unreviewed
CVE-2026-24068 was published Mar 26, 2026

AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment
High
CVE-2026-33719 was published for wwbn/avideo (Composer) Mar 25, 2026