GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,080
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,412
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
31,147 advisories
AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's...
Critical | Unreviewed | CVE-2026-56345 was published Jun 20, 2026

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user...
Critical | Unreviewed | CVE-2026-5366 was published Jun 20, 2026

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via...
Critical | Unreviewed | CVE-2024-58351 was published Jun 20, 2026

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute...
Critical | Unreviewed | CVE-2022-50972 was published Jun 20, 2026

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass...
Critical | Unreviewed | CVE-2019-25763 was published Jun 20, 2026

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the...
Critical | Unreviewed | CVE-2026-48939 was published Jun 20, 2026

A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for...
Critical | Unreviewed | CVE-2026-48908 was published Jun 20, 2026

SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without...
Critical | Unreviewed | CVE-2026-48909 was published Jun 20, 2026

Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and...
Critical | Unreviewed | CVE-2026-56081 was published Jun 20, 2026

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all...
Critical | Unreviewed | CVE-2026-11551 was published Jun 20, 2026

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that...
Critical | Unreviewed | CVE-2026-56073 was published Jun 20, 2026

OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
Critical | GHSA-h3m5-97jq-qjrf was published for io.openremote:openremote-manager (Maven) Jun 19, 2026

Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2026-48584 was published Jun 19, 2026

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2026-48582 was published Jun 19, 2026

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2026-45480 was published Jun 19, 2026

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
Critical | CVE-2026-55447 was published for langflow (pip) Jun 19, 2026

Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
Critical | CVE-2026-55255 was published for langflow (pip) Jun 19, 2026

Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs
Critical | CVE-2026-55791 was published for craftcms/cms (Composer) Jun 19, 2026

Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag
Critical | GHSA-wfqx-gjrf-g28r was published for github.com/crossplane/crossplane (Go) Jun 19, 2026

CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
Critical | CVE-2026-54782 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430,...
Critical | Unreviewed | CVE-2026-56142 was published Jun 19, 2026

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430,...
Critical | Unreviewed | CVE-2026-50242 was published Jun 19, 2026

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430,...
Critical | Unreviewed | CVE-2026-56141 was published Jun 19, 2026

DotVVM: Missing authorization in AuthorizeActionFilter
Critical | GHSA-c8qj-jx8j-fg2w was published for DotVVM (NuGet) Jun 19, 2026

Tilt: Missing authentication on the network-exposed Tilt HUD server
Critical | CVE-2026-55884 was published for github.com/tilt-dev/tilt (Go) Jun 19, 2026

ProTip! Advisories are also available from the GraphQL API