GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover (Severity: Critical)
CVE-2026-33032 was published for github.com/0xJacky/Nginx-UI (Go) Mar 30, 2026
Credited to yotampe-pluto

Linkdave Missing Authentication on REST and WebSocket endpoints (Severity: Critical)
GHSA-xv8g-fj9h-6gmv was published for github.com/shi-gg/linkdave (Go) Mar 10, 2026
Credited to shi-gg

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure (Severity: Critical)
CVE-2026-27944 was published for github.com/0xJacky/Nginx-UI (Go) Mar 5, 2026
Credited to tenbbughunters

Dagu affected by unauthenticated RCE via inline DAG spec in default configuration (Severity: Critical)
GHSA-6qr9-g2xw-cw92 was published for github.com/dagu-org/dagu (Go) Feb 19, 2026
Credited to ByamB4

Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise (Severity: Critical)
CVE-2026-26190 was published for github.com/milvus-io/milvus (Go) Feb 11, 2026
Credited to 0x1f

OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware (Severity: Critical)
CVE-2026-0650 was published for github.com/openflagr/flagr (Go) Jan 7, 2026

Ollama Platform has missing authentication enabling attackers to perform model management operations (Severity: Critical)
CVE-2025-63389 was published for github.com/ollama/ollama (Go) Dec 18, 2025

Step CA Has Authorization Bypass in ACME and SCEP Provisioners (Severity: Critical)
CVE-2025-44005 was published for github.com/smallstep/certificates (Go) Dec 3, 2025

sing-box vulnerable to improper authentication in the SOCKS inbound (Severity: Critical)
CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023

CasaOS Gateway vulnerable to incorrect identification of source IP addresses (Severity: Critical)
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
Credited to thomas-chauchefoin-sonarsource

KubeView vulnerable to full cluster takeover due to improper authentication (Severity: Critical)
CVE-2022-45933 was published for github.com/benc-uk/kubeview (Go) Nov 27, 2022

DevSpace vulnerable to remote code execution (Severity: Critical)
CVE-2020-15391 was published for github.com/loft-sh/devspace (Go) May 24, 2022