Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,049 advisories

Loading
DevGuard has improper authorization on public assets High
CVE-2026-48089 was published for github.com/l3montree-dev/devguard (Go) Jun 11, 2026
philipflohr Credited to philipflohr
Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data Moderate
CVE-2026-49397 was published for github.com/nezhahq/nezha (Go) Jun 10, 2026
offset Credited to offset
Dex: Token-exchange endpoint is missing AllowedConnectors enforcement High
GHSA-7qjx-gp9h-65qj was published for github.com/dexidp/dex (Go) Jun 9, 2026
matte1782 Credited to matte1782
nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator High
CVE-2026-47726 was published for github.com/juev/nebula-mesh (Go) Jun 8, 2026
ak2k Credited to ak2k
Shopper: Authorization bypass and RBAC privilege escalation in team settings Critical
CVE-2026-47744 was published for shopper/framework (Composer) Jun 5, 2026
baradika Credited to baradika
Hono: JWT middleware accepts any Authorization scheme, not only Bearer Moderate
CVE-2026-47673 was published for hono (npm) Jun 4, 2026
SQU4NCH Credited to SQU4NCH
whrit Credited to whrit
Apache ActiveMQ server has an incomplete authorization workflow Moderate
CVE-2026-46605 was published for org.apache.activemq:apache-activemq (Maven) Jun 1, 2026
Apache Airflow has an Improper Authorization issue Low
CVE-2026-40963 was published for apache-airflow (pip) Jun 1, 2026
ProTip! Advisories are also available from the GraphQL API