Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

30,740 advisories

Loading
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token Critical
CVE-2026-48039 was published for meta-ads-mcp (pip) Jun 11, 2026
232-323 Credited to 232-323
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on... Critical Unreviewed
CVE-2026-4764 was published Jun 11, 2026
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of... Critical Unreviewed
CVE-2026-46185 was published May 28, 2026
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering... Critical Unreviewed
CVE-2026-45602 was published Jun 9, 2026
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3... Critical Unreviewed
CVE-2026-36727 was published Jun 9, 2026
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate... Critical Unreviewed
CVE-2026-46195 was published May 28, 2026
Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload Critical
CVE-2026-48063 was published for @whiskeysockets/baileys (npm) Jun 10, 2026
purpshell Credited to purpshell and SheIITear SheIITear SheIITear
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger Critical
CVE-2026-46614 was published for github.com/fission/fission (Go) May 21, 2026
FORIMOC Credited to FORIMOC, Yuremin, and sanketsudake Yuremin Yuremin
sanketsudake sanketsudake
A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs)... Critical Unreviewed
CVE-2026-53471 was published Jun 10, 2026
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input... Critical Unreviewed
CVE-2026-34182 was published Jun 9, 2026
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in... Critical Unreviewed
CVE-2026-5121 was published Mar 30, 2026
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers... Critical Unreviewed
CVE-2026-4408 was published May 28, 2026
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below... Critical Unreviewed
CVE-2026-20253 was published Jun 10, 2026
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8... Critical Unreviewed
CVE-2026-36721 was published Jun 9, 2026
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php. Critical Unreviewed
CVE-2026-38615 was published Jun 9, 2026
A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by... Critical Unreviewed
CVE-2026-53469 was published Jun 10, 2026
A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same... Critical Unreviewed
CVE-2026-53476 was published Jun 10, 2026
A flaw was found in migration-planner. A remote authenticated attacker could exploit this... Critical Unreviewed
CVE-2026-53474 was published Jun 10, 2026
A flaw was found in migration-planner. An authenticated attacker could exploit an improper access... Critical Unreviewed
CVE-2026-53470 was published Jun 10, 2026
A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer... Critical Unreviewed
CVE-2026-53475 was published Jun 10, 2026
Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery Critical
CVE-2026-48031 was published for github.com/dhax/go-base (Go) Jun 10, 2026
saaa99999999 Credited to saaa99999999
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user... Critical Unreviewed
CVE-2026-9067 was published Jun 10, 2026
Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to... Critical Unreviewed
CVE-2026-11029 was published Jun 5, 2026
The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up... Critical Unreviewed
CVE-2025-6254 was published Jun 10, 2026
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free... Critical Unreviewed
CVE-2026-45447 was published Jun 9, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database