GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,554 advisories
Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission
High · CVE-2026-48508 was published for lemur (pip) · Jun 25, 2026

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads()
High · CVE-2026-9291 was published for amazon-braket-sdk (pip) · Jun 25, 2026

LangGraph SDK has unsafe URL path construction
Moderate · CVE-2026-48776 was published for langgraph-sdk (pip) · Jun 25, 2026

LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading
Moderate · CVE-2026-48775 was published for langgraph-checkpoint (pip) · Jun 25, 2026

justhtml: to_markdown() code-span blank-line breakout enables XSS
Moderate · GHSA-jf6w-2mvx-633j was published for justhtml (pip) · Jun 25, 2026

Flask-Security has an Open Redirect issue
Moderate · GHSA-w2j7-f3c6-g8cw was published for Flask-Security (pip) · Jun 23, 2026

motionEye Partial Authentication Bypass: Unauthenticated Admin Credential Theft via Path Traversal
Critical · GHSA-phv5-334h-mxcw was published for motioneye (pip) · Jun 23, 2026

motionEye: LFI → pass‑the‑hash admin → unsafe restore → unauth action exec (RCE)
Critical · GHSA-qxvg-h7q2-hcxh was published for motioneye (pip) · Jun 23, 2026

motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution
Moderate · CVE-2026-55863 was published for motioneye (pip) · Jun 23, 2026

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
High · CVE-2026-55488 was published for motioneye (pip) · Jun 23, 2026

OctoPrint has possible file exfiltration via query parameters on upload endpoints
High · CVE-2026-54134 was published for OctoPrint (pip) · Jun 23, 2026

Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration
High · CVE-2026-53925 was published for glances (pip) · Jun 23, 2026

OctoPrint has XSS in its Suppressed Command Notifications
Moderate · CVE-2026-35163 was published for OctoPrint (pip) · Jun 23, 2026

zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Moderate · CVE-2026-48487 was published for zeroconf (pip) · Jun 22, 2026

Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
Moderate · CVE-2026-46611 was published for glances (pip) · Jun 22, 2026

Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)
High · CVE-2026-46608 was published for glances (pip) · Jun 22, 2026

Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution
High · CVE-2026-46607 was published for glances (pip) · Jun 22, 2026

Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py
High · CVE-2026-46606 was published for glances (pip) · Jun 22, 2026

motionEye: Authentication possible via password hash
Critical · CVE-2026-46488 was published for motioneye (pip) · Jun 22, 2026

ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)
High · CVE-2025-67303 was published for comfyui-manager (pip) · Jun 22, 2026

motionEye's World-Readable Configuration File Exposes Admin Password Hash
Moderate · CVE-2026-32315 was published for motioneye (pip) · Jun 22, 2026

motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
Moderate · CVE-2026-31978 was published for motioneye (pip) · Jun 22, 2026

OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
High · CVE-2026-21887 was published for pycti (pip) · Jun 22, 2026

OpenCTI May Bypass Introspection Restriction
Moderate · CVE-2024-37155 was published for pycti (pip) · Jun 22, 2026

Anki's local HTTP server does not sufficiently validate requests
High · GHSA-869j-r97x-hx2g was published for aqt (pip) · Jun 19, 2026

ProTip! Advisories are also available from the GraphQL API.