GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
603 advisories
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control...
Critical, Unreviewed
CVE-2026-22207 was published Feb 26, 2026

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code...
Critical, Unreviewed
CVE-2026-22679 was published Apr 7, 2026

mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization
Critical
CVE-2026-0545 was published for mlflow (pip) Apr 3, 2026

PraisonAI Has Missing Authentication in WebSocket Gateway
Critical
CVE-2026-34952 was published for praisonai (pip) Apr 1, 2026

HiOS Switch Platform contains a denial-of-service vulnerability in the web interface that allows...
Critical, Unreviewed
CVE-2025-15620 was published Apr 2, 2026

A specific endpoint exposes all user account information for registered Gardyn users without...
Critical, Unreviewed
CVE-2026-28766 was published Apr 3, 2026

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker...
Critical, Unreviewed
CVE-2026-32211 was published Apr 3, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API...
Critical, Unreviewed
CVE-2024-50486 was published Oct 28, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation...
Critical, Unreviewed
CVE-2024-50489 was published Oct 28, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile...
Critical, Unreviewed
CVE-2024-50477 was published Oct 28, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple...
Critical, Unreviewed
CVE-2024-49604 was published Oct 20, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API...
Critical, Unreviewed
CVE-2024-50487 was published Oct 28, 2024

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST...
Critical, Unreviewed
CVE-2024-49328 was published Oct 20, 2024

The MAVLink communication protocol does not require cryptographic authentication by default....
Critical, Unreviewed
CVE-2026-1579 was published Mar 31, 2026

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows...
Critical, Unreviewed
CVE-2026-3356 was published Mar 31, 2026

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
Critical
CVE-2026-33032 was published for github.com/0xJacky/Nginx-UI (Go) Mar 30, 2026

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Critical
CVE-2026-33017 was published for langflow (pip) Mar 17, 2026

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show...
Critical, Unreviewed
CVE-2026-2417 was published Mar 24, 2026

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege...
Critical, Unreviewed
CVE-2019-25568 was published Mar 21, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical, Unreviewed
CVE-2026-25192 was published Mar 21, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical, Unreviewed
CVE-2026-29796 was published Mar 21, 2026

A missing authentication for critical function vulnerability has been reported to affect QVR Pro....
Critical, Unreviewed
CVE-2026-22898 was published Mar 20, 2026

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST...
Critical, Unreviewed
CVE-2026-21992 was published Mar 20, 2026

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload...
Critical, Unreviewed
CVE-2026-32985 was published Mar 20, 2026

MCP Connect has unauthenticated remote OS command execution via /bridge endpoint
Critical
GHSA-wvr4-3wq4-gpc5 was published for mcp-bridge (npm) Mar 19, 2026
ProTip! Advisories are also available from the GraphQL API.