GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,886 advisories
Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
Critical: CVE-2026-49980 was published for github.com/rclone/rclone (Go) Jun 16, 2026

n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
High: CVE-2026-54309 was published for n8n (npm) Jun 16, 2026

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution
Critical: GHSA-365w-hqf6-vxfg was published for crawl4ai (pip) Jun 16, 2026

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below...
Critical, Unreviewed: CVE-2026-20253 was published Jun 10, 2026

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web...
High, Unreviewed: CVE-2026-0647 was published Jun 16, 2026

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that...
High, Unreviewed: CVE-2018-25437 was published Jun 15, 2026

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register...
High, Unreviewed: CVE-2026-53868 was published Jun 13, 2026

@agenticmail/mcp Missing Authentication for Critical Function
High: CVE-2026-50287 was published for @agenticmail/mcp (npm) Jun 1, 2026

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an...
Moderate, Unreviewed: CVE-2026-8694 was published Jun 12, 2026

The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email...
Moderate, Unreviewed: CVE-2026-50082 was published Jun 12, 2026

The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards...
High, Unreviewed: CVE-2026-50085 was published Jun 12, 2026

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:...
Critical, Unreviewed: CVE-2026-35273 was published Jun 11, 2026

The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication...
High, Unreviewed: CVE-2026-11848 was published Jun 12, 2026

The authentication mechanism of a certain function in the PcSuite has a defect, which may result...
High, Unreviewed: CVE-2026-11535 was published Jun 12, 2026

Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that...
Critical, Unreviewed: CVE-2026-49973 was published Jun 11, 2026

Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and...
High, Unreviewed: CVE-2026-50245 was published Jun 11, 2026

Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
High: CVE-2026-48050 was published for github.com/basekick-labs/arc (Go) Jun 11, 2026

Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
High: CVE-2026-46612 was published for github.com/fission/fission (Go) May 21, 2026

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by...
Critical, Unreviewed: CVE-2026-53469 was published Jun 10, 2026

During an internal security assessment, a potential vulnerability was discovered in Lenovo...
High, Unreviewed: CVE-2026-9045 was published Jun 10, 2026

A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows...
High, Unreviewed: CVE-2026-8335 was published Jun 10, 2026

Missing authentication for critical function in Microsoft PC Manager allows an authorized...
High, Unreviewed: CVE-2026-50512 was published Jun 9, 2026

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a...
Moderate, Unreviewed: CVE-2026-50507 was published Jun 9, 2026

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate...
Critical, Unreviewed: CVE-2026-47281 was published Jun 9, 2026

TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection
High: CVE-2026-45327 was published for github.com/DatanoiseTV/tinyice (Go) May 18, 2026

ProTip! Advisories are also available from the GraphQL API.