GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,273
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,489
Swift
61
Unreviewed advisories
All unreviewed
5,000+
4,387 advisories
Filter by severity
An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through...
Critical
Unreviewed
CVE-2026-9695
was published
Jul 8, 2026
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
Moderate
GHSA-f66q-9rf6-8795
was published
for
Flask-Security-Too
(pip)
Jul 7, 2026
Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email
High
CVE-2026-53516
was published
for
better-auth
(npm)
Jul 7, 2026
Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin
High
CVE-2026-53514
was published
for
better-auth
(npm)
Jul 7, 2026
Better Auth: OAuth refresh-token replay via missing client authentication on oidc-provider and mcp plugins
Critical
CVE-2026-53512
was published
for
better-auth
(npm)
Jul 7, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
Critical
Unreviewed
CVE-2026-53483
was published
Jul 7, 2026
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14...
High
Unreviewed
CVE-2026-55727
was published
Jul 6, 2026
Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass
High
CVE-2026-55075
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking
High
CVE-2026-55076
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust...
Critical
Unreviewed
CVE-2026-40138
was published
Jul 6, 2026
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust...
Critical
Unreviewed
CVE-2026-40139
was published
Jul 6, 2026
Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely (...
Critical
Unreviewed
CVE-2026-53913
was published
Jul 6, 2026
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects...
Moderate
Unreviewed
CVE-2026-14714
was published
Jul 5, 2026
A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This...
Low
Unreviewed
CVE-2026-14627
was published
Jul 4, 2026
HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low...
High
Unreviewed
CVE-2026-12196
was published
Jul 4, 2026
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to...
Moderate
Unreviewed
CVE-2026-14622
was published
Jul 4, 2026
fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection
Critical
CVE-2026-52830
was published
for
fast-mcp-telegram
(pip)
Jul 2, 2026
joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)
High
CVE-2026-49852
was published
for
joserfc
(pip)
Jul 2, 2026
OpenClaw: Control UI locality spoofing could mint a durable admin device token
High
CVE-2026-53817
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers
High
GHSA-rggc-m335-3wvj
was published
for
openclaw
(npm)
Jul 2, 2026
Vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program...
Moderate
Unreviewed
CVE-2026-58029
was published
Jul 1, 2026
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin...
Critical
Unreviewed
CVE-2026-11387
was published
Jul 1, 2026
Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public...
High
Unreviewed
CVE-2026-56219
was published
Jul 1, 2026
IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1...
High
Unreviewed
CVE-2026-10560
was published
Jun 30, 2026
Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the...
Moderate
Unreviewed
CVE-2026-55955
was published
Jun 29, 2026
ProTip!
Advisories are also available from the
GraphQL API