GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
2,005 advisories
Filter by severity
Clauster: Non-loopback deployments can serve the dashboard unauthenticated when auth.enabled is unset
High
GHSA-h4g2-xfmw-q2c9
was published
for
clauster
(pip)
Jul 10, 2026
File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)
Critical
CVE-2026-54088
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Jul 10, 2026
SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon
Moderate
CVE-2026-54068
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Jul 10, 2026
Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker...
Moderate
Unreviewed
CVE-2026-57476
was published
Jul 10, 2026
Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API...
Moderate
Unreviewed
CVE-2026-57475
was published
Jul 10, 2026
Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling...
High
Unreviewed
CVE-2026-40006
was published
Jul 10, 2026
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication....
High
Unreviewed
CVE-2026-38059
was published
Jul 10, 2026
Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that...
Critical
Unreviewed
CVE-2026-58123
was published
Jul 10, 2026
An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto...
Moderate
Unreviewed
CVE-2026-0283
was published
Jul 9, 2026
Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS
High
CVE-2026-48989
was published
for
windows-mcp
(pip)
May 21, 2026
The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov...
Moderate
Unreviewed
CVE-2026-61344
was published
Jul 9, 2026
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint....
Moderate
Unreviewed
CVE-2026-31983
was published
Jul 9, 2026
Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication...
High
Unreviewed
CVE-2026-59804
was published
Jul 8, 2026
Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
High
CVE-2026-49471
was published
for
serena-agent
(pip)
Jul 8, 2026
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
Critical
CVE-2026-53649
was published
for
github.com/BishopFox/joro
(Go)
Jul 8, 2026
A flaw was found in the gorch service template, which is part of the trustyai-service-operator....
Moderate
Unreviewed
CVE-2026-15063
was published
Jul 8, 2026
An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the...
High
Unreviewed
CVE-2026-51937
was published
Jul 8, 2026
Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security...
Moderate
Unreviewed
CVE-2026-30799
was published
Jun 17, 2026
Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security...
Moderate
Unreviewed
CVE-2026-2675
was published
Jun 17, 2026
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and...
Critical
Unreviewed
CVE-2026-59706
was published
Jul 8, 2026
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows...
Critical
Unreviewed
CVE-2026-59705
was published
Jul 8, 2026
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
Moderate
GHSA-q855-8rh5-jfgq
was published
for
ha-mcp
(pip)
Jul 7, 2026
Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated...
Critical
Unreviewed
CVE-2026-58473
was published
Jul 7, 2026
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
Critical
CVE-2026-53512
was published
for
better-auth
(npm)
Jul 7, 2026
9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats
Critical
GHSA-vjc7-jrh9-9j86
was published
for
9router
(npm)
Jul 6, 2026
ProTip!
Advisories are also available from the
GraphQL API