Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,413
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,656
Pub
13
RubyGems
1,027
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,698 advisories

Loading
Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket High
CVE-2026-39363 was published for vite (npm) Apr 6, 2026
odgrso Credited to odgrso, CodeAnt-AI-Security, tronglinh23, and bluwy CodeAnt-AI-Security CodeAnt-AI-Security
tronglinh23 tronglinh23 bluwy bluwy
strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol High
CVE-2026-35523 was published for strawberry-graphql (pip) Apr 6, 2026
bellini666 Credited to bellini666, patrick91, katzj, and WesR patrick91 patrick91
katzj katzj WesR WesR
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows... High Unreviewed
CVE-2026-4272 was published Apr 6, 2026
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows... High Unreviewed
CVE-2019-25686 was published Apr 5, 2026
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that... High Unreviewed
CVE-2019-25678 was published Apr 5, 2026
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers... High Unreviewed
CVE-2018-25246 was published Apr 4, 2026
Microsoft VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows... High Unreviewed
CVE-2018-25241 was published Apr 4, 2026
AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php Moderate
CVE-2026-35450 was published for wwbn/avideo (Composer) Apr 4, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Signal K Server: Unauthenticated Source Priorities Manipulation Moderate
CVE-2026-33951 was published for signalk-server (npm) Apr 3, 2026
VashuVats Credited to VashuVats
A specific administrative endpoint notifications is accessible without proper authentication. Moderate Unreviewed
CVE-2026-28767 was published Apr 3, 2026
A specific administrative endpoint is accessible without proper authentication, exposing device... High Unreviewed
CVE-2026-32646 was published Apr 3, 2026
A specific endpoint exposes all user account information for registered Gardyn users without... Critical Unreviewed
CVE-2026-28766 was published Apr 3, 2026
mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization Critical
CVE-2026-0545 was published for mlflow (pip) Apr 3, 2026
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker... Critical Unreviewed
CVE-2026-32211 was published Apr 3, 2026
HiOS Switch Platform contains a denial-of-service vulnerability in the web interface that allows... Critical Unreviewed
CVE-2025-15620 was published Apr 2, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's... Moderate Unreviewed
CVE-2026-29132 was published Apr 2, 2026
HCL BigFix Platform is affected by insufficient authentication.  The application might allow... Moderate Unreviewed
CVE-2026-21767 was published Apr 2, 2026
PraisonAI Has Missing Authentication in WebSocket Gateway Critical
CVE-2026-34952 was published for praisonai (pip) Apr 1, 2026
YeranG30 Credited to YeranG30
AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints Moderate
CVE-2026-34732 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php High
CVE-2026-34731 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the... Moderate Unreviewed
CVE-2026-34999 was published Apr 1, 2026
Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface Moderate
CVE-2026-34227 was published for github.com/bishopfox/sliver (Go) Mar 31, 2026
skoveit Credited to skoveit
The MAVLink communication protocol does not require cryptographic authentication by default.... Critical Unreviewed
CVE-2026-1579 was published Mar 31, 2026
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows... Critical Unreviewed
CVE-2026-3356 was published Mar 31, 2026
nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover Critical
CVE-2026-33032 was published for github.com/0xJacky/Nginx-UI (Go) Mar 30, 2026
yotampe-pluto Credited to yotampe-pluto
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database