GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
636 advisories
Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket
High • CVE-2026-39363 was published for vite (npm) Apr 6, 2026
strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol
High • CVE-2026-35523 was published for strawberry-graphql (pip) Apr 6, 2026
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows...
High • Unreviewed • CVE-2026-4272 was published Apr 6, 2026
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows...
High • Unreviewed • CVE-2019-25686 was published Apr 5, 2026
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that...
High • Unreviewed • CVE-2019-25678 was published Apr 5, 2026
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers...
High • Unreviewed • CVE-2018-25246 was published Apr 4, 2026
Microsoft VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows...
High • Unreviewed • CVE-2018-25241 was published Apr 4, 2026
A specific administrative endpoint is accessible without proper authentication, exposing device...
High • Unreviewed • CVE-2026-32646 was published Apr 3, 2026
AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php
High • CVE-2026-34731 was published for wwbn/avideo (Composer) Apr 1, 2026
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated...
High • Unreviewed • CVE-2018-25224 was published Mar 28, 2026
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated...
High • Unreviewed • CVE-2018-25225 was published Mar 28, 2026
The VSL privileged helper does utilize NSXPC for IPC. The implementation of the ...
High • Unreviewed • CVE-2026-24068 was published Mar 26, 2026
AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment
High • CVE-2026-33719 was published for wwbn/avideo (Composer) Mar 25, 2026
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability,...
High • Unreviewed • CVE-2026-4640 was published Mar 24, 2026
A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600...
High • Unreviewed • CVE-2025-15517 was published Mar 23, 2026
An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt...
High • Unreviewed • CVE-2026-31846 was published Mar 23, 2026
Duplicate Advisory: OpenClaw's sandbox browser noVNC observer lacked VNC authentication
High • GHSA-cxcw-jm67-3wwp was published for openclaw (npm) Mar 21, 2026 • withdrawn
Unauthenticated remote shutdown in nltk.app.wordnet_app
High • CVE-2026-33231 was published for nltk (pip) Mar 19, 2026
SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
High • CVE-2026-33203 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026
The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform...
High • Unreviewed • CVE-2026-24062 was published Mar 18, 2026
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
High • CVE-2026-2603 was published for org.keycloak:keycloak-server-spi-private (Maven) Mar 18, 2026
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment...
High • Unreviewed • CVE-2026-22727 was published Mar 18, 2026
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0...
High • Unreviewed • CVE-2026-1264 was published Mar 18, 2026
Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x...
High • Unreviewed • CVE-2026-3207 was published Mar 17, 2026
AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
High • CVE-2026-33038 was published for wwbn/avideo (Composer) Mar 17, 2026
ProTip! Advisories are also available from the GraphQL API.