GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
420 advisories
Filter by severity
Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker...
Moderate
Unreviewed
CVE-2026-57476
was published
Jul 10, 2026
Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API...
Moderate
Unreviewed
CVE-2026-57475
was published
Jul 10, 2026
An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto...
Moderate
Unreviewed
CVE-2026-0283
was published
Jul 9, 2026
The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov...
Moderate
Unreviewed
CVE-2026-61344
was published
Jul 9, 2026
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint....
Moderate
Unreviewed
CVE-2026-31983
was published
Jul 9, 2026
A flaw was found in the gorch service template, which is part of the trustyai-service-operator....
Moderate
Unreviewed
CVE-2026-15063
was published
Jul 8, 2026
Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured...
Moderate
Unreviewed
CVE-2026-58446
was published
Jul 1, 2026
Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows...
Moderate
Unreviewed
CVE-2026-4522
was published
Jun 25, 2026
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router...
Moderate
Unreviewed
CVE-2026-56262
was published
Jun 24, 2026
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3...
Moderate
Unreviewed
CVE-2026-41047
was published
Jun 22, 2026
Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17...
Moderate
Unreviewed
CVE-2026-6673
was published
Jun 22, 2026
Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId...
Moderate
Unreviewed
CVE-2026-56299
was published
Jun 21, 2026
AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage...
Moderate
Unreviewed
CVE-2026-56346
was published
Jun 20, 2026
A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian...
Moderate
Unreviewed
CVE-2026-12527
was published
Jun 18, 2026
Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security...
Moderate
Unreviewed
CVE-2026-30799
was published
Jun 17, 2026
Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security...
Moderate
Unreviewed
CVE-2026-2675
was published
Jun 17, 2026
The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email...
Moderate
Unreviewed
CVE-2026-50082
was published
Jun 12, 2026
Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an...
Moderate
Unreviewed
CVE-2026-8694
was published
Jun 12, 2026
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a...
Moderate
Unreviewed
CVE-2026-50507
was published
Jun 9, 2026
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an...
Moderate
Unreviewed
CVE-2026-11238
was published
Jun 5, 2026
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1...
Moderate
Unreviewed
CVE-2026-45248
was published
May 15, 2026
Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker...
Moderate
Unreviewed
CVE-2025-62619
was published
May 14, 2026
Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access...
Moderate
Unreviewed
CVE-2026-0247
was published
May 13, 2026
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API...
Moderate
Unreviewed
CVE-2026-31244
was published
May 12, 2026
The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and...
Moderate
Unreviewed
CVE-2026-31243
was published
May 12, 2026
ProTip!
Advisories are also available from the
GraphQL API