GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27,235 advisories
Filter by severity
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
Critical
Unreviewed
CVE-2026-61445
was published
Jul 11, 2026
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent...
Critical
Unreviewed
CVE-2026-61447
was published
Jul 11, 2026
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
Critical
Unreviewed
CVE-2026-60090
was published
Jul 11, 2026
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57828
was published
Jul 11, 2026
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57827
was published
Jul 11, 2026
The charging station websocket endpoint accepts connections without
proper authentication, which...
Critical
Unreviewed
CVE-2026-20744
was published
Jul 11, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
Critical
Unreviewed
CVE-2026-57807
was published
Jul 10, 2026
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Critical
Unreviewed
CVE-2026-12761
was published
Jul 10, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-5801
was published
Jul 10, 2026
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured...
Critical
Unreviewed
CVE-2026-61459
was published
Jul 10, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-2397
was published
Jul 10, 2026
An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the ...
Critical
Unreviewed
CVE-2026-51119
was published
Jul 10, 2026
A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability...
Critical
Unreviewed
CVE-2026-15143
was published
Jul 10, 2026
PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where...
Critical
Unreviewed
CVE-2026-61444
was published
Jul 10, 2026
In JetBrains IntelliJ IDEA before 2026.1.4,
2026.2 code execution via path traversal in project...
Critical
Unreviewed
CVE-2026-59792
was published
Jul 10, 2026
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint...
Critical
Unreviewed
CVE-2026-56765
was published
Jul 10, 2026
Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker...
Critical
Unreviewed
CVE-2026-56261
was published
Jul 10, 2026
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of...
Critical
Unreviewed
CVE-2026-56688
was published
Jul 10, 2026
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR)...
Critical
Unreviewed
CVE-2026-41880
was published
Jul 10, 2026
A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote...
Critical
Unreviewed
CVE-2026-15378
was published
Jul 10, 2026
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Critical
Unreviewed
CVE-2026-40008
was published
Jul 10, 2026
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache...
Critical
Unreviewed
CVE-2026-28564
was published
Jul 10, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2026-40005
was published
Jul 10, 2026
The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and...
Critical
Unreviewed
CVE-2026-15300
was published
Jul 10, 2026
The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File...
Critical
Unreviewed
CVE-2026-14894
was published
Jul 10, 2026
ProTip!
Advisories are also available from the
GraphQL API