GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27,239 advisories
Filter by severity
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability...
Critical
Unreviewed
CVE-2026-4769
was published
Jul 13, 2026
This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon...
Critical
Unreviewed
CVE-2026-14453
was published
Jul 13, 2026
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT...
Critical
Unreviewed
CVE-2026-56271
was published
Jul 12, 2026
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables,...
Critical
Unreviewed
CVE-2026-61876
was published
Jul 12, 2026
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
Critical
Unreviewed
CVE-2026-60090
was published
Jul 11, 2026
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent...
Critical
Unreviewed
CVE-2026-61447
was published
Jul 11, 2026
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
Critical
Unreviewed
CVE-2026-61445
was published
Jul 11, 2026
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57827
was published
Jul 11, 2026
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57828
was published
Jul 11, 2026
The charging station websocket endpoint accepts connections without
proper authentication, which...
Critical
Unreviewed
CVE-2026-20744
was published
Jul 11, 2026
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Critical
Unreviewed
CVE-2026-12761
was published
Jul 10, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
Critical
Unreviewed
CVE-2026-57807
was published
Jul 10, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-5801
was published
Jul 10, 2026
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured...
Critical
Unreviewed
CVE-2026-61459
was published
Jul 10, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-2397
was published
Jul 10, 2026
A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability...
Critical
Unreviewed
CVE-2026-15143
was published
Jul 10, 2026
An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the ...
Critical
Unreviewed
CVE-2026-51119
was published
Jul 10, 2026
PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where...
Critical
Unreviewed
CVE-2026-61444
was published
Jul 10, 2026
In JetBrains IntelliJ IDEA before 2026.1.4,
2026.2 code execution via path traversal in project...
Critical
Unreviewed
CVE-2026-59792
was published
Jul 10, 2026
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint...
Critical
Unreviewed
CVE-2026-56765
was published
Jul 10, 2026
Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker...
Critical
Unreviewed
CVE-2026-56261
was published
Jul 10, 2026
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of...
Critical
Unreviewed
CVE-2026-56688
was published
Jul 10, 2026
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR)...
Critical
Unreviewed
CVE-2026-41880
was published
Jul 10, 2026
A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote...
Critical
Unreviewed
CVE-2026-15378
was published
Jul 10, 2026
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Critical
Unreviewed
CVE-2026-40008
was published
Jul 10, 2026
ProTip!
Advisories are also available from the
GraphQL API