GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27,235 advisories
Filter by severity
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent...
Critical
Unreviewed
CVE-2026-61447
was published
Jul 11, 2026
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
Critical
Unreviewed
CVE-2026-61445
was published
Jul 11, 2026
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
Critical
Unreviewed
CVE-2026-60090
was published
Jul 11, 2026
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57828
was published
Jul 11, 2026
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-57827
was published
Jul 11, 2026
The charging station websocket endpoint accepts connections without
proper authentication, which...
Critical
Unreviewed
CVE-2026-20744
was published
Jul 11, 2026
An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the ...
Critical
Unreviewed
CVE-2026-51119
was published
Jul 10, 2026
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Critical
Unreviewed
CVE-2026-12761
was published
Jul 10, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
Critical
Unreviewed
CVE-2026-57807
was published
Jul 10, 2026
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured...
Critical
Unreviewed
CVE-2026-61459
was published
Jul 10, 2026
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-5801
was published
Jul 10, 2026
The incremental HTML parser (html.parser.HTMLParser) allows for CPU
denial-of-service through...
Critical
Unreviewed
CVE-2026-15308
was published
Jul 9, 2026
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the...
Critical
Unreviewed
CVE-2026-13461
was published
Jul 9, 2026
A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this...
Critical
Unreviewed
CVE-2026-56292
was published
Jul 9, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2026-40005
was published
Jul 10, 2026
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Critical
Unreviewed
CVE-2026-40008
was published
Jul 10, 2026
Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache...
Critical
Unreviewed
CVE-2026-28564
was published
Jul 10, 2026
MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in...
Critical
Unreviewed
CVE-2026-51597
was published
Jul 9, 2026
An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5...
Critical
Unreviewed
CVE-2026-51599
was published
Jul 9, 2026
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that...
Critical
Unreviewed
CVE-2026-56291
was published
Jul 9, 2026
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or...
Critical
Unreviewed
CVE-2020-24881
was published
May 24, 2022
Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical
Unreviewed
CVE-2026-2397
was published
Jul 10, 2026
A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability...
Critical
Unreviewed
CVE-2026-15143
was published
Jul 10, 2026
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the...
Critical
Unreviewed
CVE-2026-48939
was published
Jun 20, 2026
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint...
Critical
Unreviewed
CVE-2026-56765
was published
Jul 10, 2026
ProTip!
Advisories are also available from the
GraphQL API