GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
4,266 advisories
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2025-67437 was published May 15, 2026
Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine ...
High
Unreviewed
CVE-2024-36323 was published May 15, 2026
Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible...
Moderate
Unreviewed
CVE-2025-0040 was published May 15, 2026
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to...
High
Unreviewed
CVE-2026-7373 was published May 15, 2026
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a...
Moderate
Unreviewed
CVE-2026-8586 was published May 14, 2026
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168...
Moderate
Unreviewed
CVE-2026-8566 was published May 14, 2026
Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file
High
CVE-2026-45301 was published for open-webui (pip) May 14, 2026
wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API
High
CVE-2026-43977 was published for wger (pip) May 14, 2026
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
Moderate
Unreviewed
CVE-2026-24711 was published May 14, 2026
FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
High
CVE-2026-46441 was published for flowise (npm) May 14, 2026
FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment
High
CVE-2026-42863 was published for flowise (npm) May 14, 2026
FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
High
CVE-2026-42862 was published for flowise (npm) May 14, 2026
FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment
High
CVE-2026-42861 was published for flowise (npm) May 14, 2026
Editors could delete any annotation, even those they do not have read access to. The editor user...
Moderate
Unreviewed
CVE-2026-28374 was published May 13, 2026
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard...
High
Unreviewed
CVE-2026-33377 was published May 13, 2026
When a user's access to mint tokens for a service account is revoked, it is sometimes still...
Moderate
Unreviewed
CVE-2026-33381 was published May 13, 2026
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access...
Moderate
Unreviewed
CVE-2026-36738 was published May 13, 2026
Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server
Critical
GHSA-vw82-7fv8-r6gp was published for github.com/obot-platform/obot (Go) May 13, 2026
Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false
Moderate
CVE-2026-44774 was published for github.com/traefik/traefik (Go) May 13, 2026
A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could...
Moderate
Unreviewed
CVE-2026-44874 was published May 12, 2026
An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator...
Critical
Unreviewed
CVE-2026-44277 was published May 12, 2026
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing...
High
Unreviewed
CVE-2026-42832 was published May 12, 2026
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges...
Critical
Unreviewed
CVE-2026-42823 was published May 12, 2026
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Moderate
Unreviewed
CVE-2026-41100 was published May 12, 2026
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform...
High
Unreviewed
CVE-2026-41102 was published May 12, 2026
ProTip! Advisories are also available from the GraphQL API