GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27,352 advisories
Filter by severity
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables,...
Critical
Unreviewed
CVE-2026-61876
was published
Jul 12, 2026
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
Critical
Unreviewed
CVE-2026-60090
was published
Jul 11, 2026
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent...
Critical
Unreviewed
CVE-2026-61447
was published
Jul 11, 2026
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
Critical
Unreviewed
CVE-2026-61445
was published
Jul 11, 2026
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57828
was published
Jul 11, 2026
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57827
was published
Jul 11, 2026
The charging station websocket endpoint accepts connections without
proper authentication, which...
Critical
Unreviewed
CVE-2026-20744
was published
Jul 11, 2026
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest...
Critical
Unreviewed
CVE-2026-15089
was published
Jul 11, 2026
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.
Critical
Unreviewed
CVE-2026-11913
was published
Jul 11, 2026
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in...
Critical
Unreviewed
CVE-2026-55809
was published
Jul 11, 2026
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in...
Critical
Unreviewed
CVE-2026-55810
was published
Jul 11, 2026
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue...
Critical
Unreviewed
CVE-2026-13237
was published
Jul 11, 2026
Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue...
Critical
Unreviewed
CVE-2026-13236
was published
Jul 11, 2026
Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects...
Critical
Unreviewed
CVE-2026-13239
was published
Jul 11, 2026
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue...
Critical
Unreviewed
CVE-2026-13240
was published
Jul 11, 2026
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful...
Critical
Unreviewed
CVE-2026-13238
was published
Jul 11, 2026
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue...
Critical
Unreviewed
CVE-2026-13241
was published
Jul 11, 2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site...
Critical
Unreviewed
CVE-2026-13243
was published
Jul 11, 2026
Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This...
Critical
Unreviewed
CVE-2026-10768
was published
Jul 11, 2026
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in...
Critical
Unreviewed
CVE-2026-12535
was published
Jul 11, 2026
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback)...
Critical
Unreviewed
CVE-2026-13232
was published
Jul 11, 2026
Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side...
Critical
Unreviewed
CVE-2026-13233
was published
Jul 11, 2026
Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful...
Critical
Unreviewed
CVE-2026-13235
was published
Jul 11, 2026
Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing....
Critical
Unreviewed
CVE-2026-11909
was published
Jul 11, 2026
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Critical
Unreviewed
CVE-2026-12761
was published
Jul 10, 2026
ProTip!
Advisories are also available from the
GraphQL API