GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
111 advisories
A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects...
Low | Unreviewed | CVE-2026-12210 was published Jun 15, 2026
Papra HTTP redirect bypass can lead to SSRF via webhook delivery system
Low | CVE-2026-48051 was published for @papra/webhooks (npm) Jun 10, 2026
A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function...
Low | Unreviewed | CVE-2026-11469 was published Jun 8, 2026
Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
Low | CVE-2026-45723 was published for github.com/siderolabs/omni (Go) Jun 5, 2026
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the...
Low | Unreviewed | CVE-2026-10690 was published Jun 3, 2026
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b....
Low | Unreviewed | CVE-2026-10662 was published Jun 3, 2026
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function...
Low | Unreviewed | CVE-2026-10581 was published Jun 2, 2026
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by...
Low | Unreviewed | CVE-2026-10583 was published Jun 2, 2026
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects...
Low | Unreviewed | CVE-2026-10276 was published Jun 1, 2026
A vulnerability was determined in indrasishbanerjee aem-mcp-server up to...
Low | Unreviewed | CVE-2026-10274 was published Jun 1, 2026
A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1....
Low | Unreviewed | CVE-2026-10241 was published Jun 1, 2026
A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function...
Low | Unreviewed | CVE-2026-10239 was published Jun 1, 2026
A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown...
Low | Unreviewed | CVE-2026-10240 was published Jun 1, 2026
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function...
Low | Unreviewed | CVE-2026-10177 was published May 31, 2026
A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function...
Low | Unreviewed | CVE-2026-9464 was published May 26, 2026
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the...
Low | Unreviewed | CVE-2026-9304 was published May 26, 2026
In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor...
Low | Unreviewed | CVE-2026-7890 was published May 22, 2026
Crawlee for Python: SSRF via sitemap-derived URLs
Low | CVE-2026-46497 was published for crawlee (pip) May 21, 2026
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping
Low | CVE-2026-33637 was published for faraday (RubyGems) May 18, 2026
Mattermost doesn't validate the Host header when constructing response URLs for custom slash command
Low | CVE-2026-6333 was published for github.com/mattermost/mattermost-server (Go) May 18, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10...
Low | Unreviewed | CVE-2026-7471 was published May 14, 2026
A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the...
Low | Unreviewed | CVE-2026-8320 was published May 11, 2026
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP...
Low | Unreviewed | CVE-2026-45000 was published May 11, 2026
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of...
Low | Unreviewed | CVE-2026-8193 was published May 9, 2026
MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience
Low | CVE-2026-44428 was published for github.com/modelcontextprotocol/registry (Go) May 8, 2026
ProTip! Advisories are also available from the GraphQL API