GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,780 advisories

Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation
Moderate. GHSA-rgj7-vg8v-j4wr was published for github.com/lin-snow/ech0 (Go), May 7, 2026

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections...
Critical, Unreviewed. CVE-2026-7415 was published May 7, 2026

DevSpace UI Server WebSocket CheckOrigin does not validate source
High. CVE-2026-42283 was published for github.com/loft-sh/devspace (Go), May 6, 2026

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover
High. CVE-2026-42222 was published for github.com/0xJacky/nginx-ui (Go), May 6, 2026

Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim
High. CVE-2026-42221 was published for github.com/0xJacky/Nginx-UI (Go), May 6, 2026

AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction
Moderate. CVE-2026-43881 was published for wwbn/avideo (Composer), May 5, 2026

Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
Moderate. CVE-2026-42303 was published for ethyca-fides (pip), May 5, 2026

FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft
Critical. CVE-2026-42864 was published for firefighter-incident (pip), May 5, 2026

Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls
High. CVE-2026-42856 was published for network-ai (npm), May 5, 2026

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in...
Critical, Unreviewed. CVE-2023-54342 was published May 5, 2026

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows...
Critical, Unreviewed. CVE-2023-54344 was published May 5, 2026

pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification via unrestricted `ssl_verify` config (incomplete fix for CVE-2026-33509 / -35463 / -35464 / -35586)
Moderate. CVE-2026-42312 was published for pyload-ng (pip), May 4, 2026

phpVMS has an /importer authorization bypass causing full database wipe
Critical. CVE-2026-42569 was published for nabeel/phpvms (Composer), May 4, 2026

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the ...
Critical, Unreviewed. CVE-2026-42796 was published May 4, 2026

django-mdeditor is Missing Authentication for Critical Function
Low. CVE-2025-13030 was published for django-mdeditor (pip), Apr 30, 2026

A vulnerability in the access control mechanism of SonicOS may allow certain management interface...
High, Unreviewed. CVE-2026-0204 was published Apr 29, 2026

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20,...
Critical, Unreviewed. CVE-2026-41940 was published Apr 29, 2026

Delta Electronics DIAView has an authentication bypass vulnerability.
Moderate, Unreviewed. CVE-2025-58318 was published Apr 29, 2026

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with...
Critical, Unreviewed. CVE-2026-3893 was published Apr 28, 2026

An improper access control vulnerability exists in the Cisco Intersight Device Connector for...
Moderate, Unreviewed. CVE-2026-5944 was published Apr 28, 2026

An unsecured configuration interface on affected devices allows unauthenticated remote attackers...
High, Unreviewed. CVE-2026-3323 was published Apr 28, 2026

Penetration Testing engineers at Amazon have identified a security flaw related to request...
High, Unreviewed. CVE-2024-54013 was published Apr 28, 2026

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI...
High, Unreviewed. CVE-2026-41473 was published Apr 24, 2026

Traefik: Pre-authentication decision bypass due to forwarded alias spoofing
High. CVE-2026-39858 was published for github.com/traefik/traefik (Go), Apr 24, 2026

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection...
Moderate, Unreviewed. CVE-2026-42095 was published Apr 24, 2026