GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
10,823 advisories
Filter by severity
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote...
High
Unreviewed
CVE-2026-37453
was published
Jun 25, 2026
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote...
High
Unreviewed
CVE-2026-37454
was published
Jun 25, 2026
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote...
High
Unreviewed
CVE-2026-37452
was published
Jun 25, 2026
@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
Moderate
CVE-2026-46406
was published
for
@anthropic-ai/claude-code
(npm)
Jun 25, 2026
Apple M1 GPUs retain register file data between compute shader dispatches from different...
High
Unreviewed
CVE-2026-49269
was published
Jun 24, 2026
The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive...
Moderate
Unreviewed
CVE-2026-9183
was published
Jun 24, 2026
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive...
Moderate
Unreviewed
CVE-2026-9612
was published
Jun 24, 2026
OpenAM Authenticated Privilege Escalation via Raw Token Disclosure Session RPC
High
CVE-2026-45048
was published
for
org.openidentityplatform.openam:openam-core
(Maven)
Jun 23, 2026
Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API
Moderate
CVE-2026-52815
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated ...
High
Unreviewed
CVE-2026-56322
was published
Jun 23, 2026
The vulnerability arises when the system fails to properly validate the 'email' field during the...
Moderate
Unreviewed
CVE-2026-7167
was published
Jun 22, 2026
Vulnerability involving the exposure of sensitive data provided without adequate protection. The...
Critical
Unreviewed
CVE-2026-7166
was published
Jun 22, 2026
Capgo before 12.128.2 contains an unauthenticated security definer RPC function...
High
Unreviewed
CVE-2026-56242
was published
Jun 21, 2026
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated ...
Moderate
Unreviewed
CVE-2026-56282
was published
Jun 20, 2026
Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC...
Moderate
Unreviewed
CVE-2026-56235
was published
Jun 20, 2026
Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account...
Moderate
Unreviewed
CVE-2026-56267
was published
Jun 20, 2026
Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded...
Moderate
Unreviewed
CVE-2026-56218
was published
Jun 20, 2026
Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC...
High
Unreviewed
CVE-2026-56214
was published
Jun 20, 2026
Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST...
High
Unreviewed
CVE-2026-56079
was published
Jun 20, 2026
SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field
Moderate
GHSA-h4h3-3rfj-x6fq
was published
for
surrealdb
(Rust)
Jun 19, 2026
parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change
Low
GHSA-97pr-9hgg-3p8r
was published
for
parse-server
(npm)
Jun 19, 2026
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
Critical
CVE-2026-55447
was published
for
langflow
(pip)
Jun 19, 2026
http4k: BasicCookieStorage` (renamed `InsecureCookieStorage`) did not enforce RFC 6265 cookie scoping; new `DefaultCookieStorage` is now the default
Moderate
GHSA-pr33-38xx-6r26
was published
for
org.http4k:http4k-core
(Maven)
Jun 19, 2026
dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
Moderate
CVE-2026-55837
was published
for
dbt-mcp
(pip)
Jun 19, 2026
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
Moderate
CVE-2026-11769
was published
for
github.com/grafana/grafana-operator
(Go)
Jun 19, 2026
ProTip!
Advisories are also available from the
GraphQL API