GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,830 advisories
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
High | CVE-2026-46612 was published for github.com/fission/fission (Go) | May 21, 2026
Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS
High | GHSA-vrxg-gm77-7q5g was published for windows-mcp (pip) | May 21, 2026
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP...
Critical | Unreviewed | CVE-2026-9152 was published | May 21, 2026
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass...
Critical | Unreviewed | CVE-2026-9141 was published | May 20, 2026
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload...
Critical | Unreviewed | CVE-2026-20223 was published | May 20, 2026
CamoFox MCP: Unauthenticated HTTP MCP browser-control surface
High | GHSA-7hgr-7h44-33w2 was published for camofox-mcp (npm) | May 19, 2026
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Critical | CVE-2026-46339 was published for 9router (npm) | May 19, 2026
Kopia: RCE via SSH ProxyCommand Injection
Critical | CVE-2026-45695 was published for github.com/kopia/kopia (Go) | May 19, 2026
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could...
High | Unreviewed | CVE-2026-8602 was published | May 19, 2026
API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication...
Critical | Unreviewed | CVE-2026-31071 was published | May 19, 2026
Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication
Moderate | GHSA-9v4j-7g44-qcqw was published for github.com/xyproto/algernon (Go) | May 19, 2026
TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection
High | CVE-2026-45327 was published for github.com/DatanoiseTV/tinyice (Go) | May 18, 2026
Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass
Moderate | CVE-2026-45577 was published for neotoma (npm) | May 18, 2026
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows...
Critical | Unreviewed | CVE-2018-25332 was published | May 17, 2026
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows...
Critical | Unreviewed | CVE-2018-25335 was published | May 17, 2026
AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA
Moderate | CVE-2026-45610 was published for WWBN/AVideo (Composer) | May 15, 2026
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1...
Moderate | Unreviewed | CVE-2026-45248 was published | May 15, 2026
Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure
Moderate | CVE-2026-45397 was published for open-webui (pip) | May 14, 2026
Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker...
Moderate | Unreviewed | CVE-2025-62619 was published | May 14, 2026
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to...
High | Unreviewed | CVE-2025-27853 was published | May 13, 2026
Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access...
Moderate | Unreviewed | CVE-2026-0247 was published | May 13, 2026
Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
Critical | CVE-2026-45083 was published for io.goobi.viewer:viewer-core (Maven) | May 13, 2026
SillyTavern has Authentication Bypass via SSO Header Injection
Critical | CVE-2026-44649 was published for sillytavern (npm) | May 12, 2026
The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and...
Moderate | Unreviewed | CVE-2026-31243 was published | May 12, 2026
The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API...
Moderate | Unreviewed | CVE-2026-31245 was published | May 12, 2026
ProTip! Advisories are also available from the GraphQL API.