GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
129,774 advisories
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController:...
High | Unreviewed | CVE-2026-57995 was published Jul 1, 2026

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts...
High | Unreviewed | CVE-2026-56320 was published Jul 1, 2026

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that...
High | Unreviewed | CVE-2026-56233 was published Jul 1, 2026

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation...
High | Unreviewed | CVE-2026-56249 was published Jul 1, 2026

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey...
High | Unreviewed | CVE-2026-56230 was published Jul 1, 2026

Capgo before 12.128.2 contains unauthenticated security definer RPC functions get_user_id and...
High | Unreviewed | CVE-2026-56300 was published Jul 1, 2026

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without...
High | Unreviewed | CVE-2026-56247 was published Jul 1, 2026

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion...
High | Unreviewed | CVE-2026-56286 was published Jul 1, 2026

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist...
High | Unreviewed | CVE-2026-56328 was published Jul 1, 2026

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public...
High | Unreviewed | CVE-2026-56219 was published Jul 1, 2026

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle...
High | Unreviewed | CVE-2025-71368 was published Jul 1, 2026

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter...
High | Unreviewed | CVE-2025-71371 was published Jul 1, 2026

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run...
High | Unreviewed | CVE-2025-71350 was published Jul 1, 2026

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing...
High | Unreviewed | CVE-2025-71349 was published Jul 1, 2026

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods,...
High | Unreviewed | CVE-2025-71363 was published Jul 1, 2026

An unauthenticated attacker can read worklist records from a directory outside the intended per...
High | Unreviewed | CVE-2026-52868 was published Jul 1, 2026

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when...
High | Unreviewed | CVE-2025-71352 was published Jul 1, 2026

yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that...
High | Unreviewed | CVE-2026-58448 was published Jul 1, 2026

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level...
High | Unreviewed | CVE-2026-58447 was published Jul 1, 2026

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing...
High | Unreviewed | CVE-2025-71355 was published Jul 1, 2026

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when...
High | Unreviewed | CVE-2025-71374 was published Jul 1, 2026

An unauthenticated remote attacker can repeatedly send a single crafted connection request to...
High | Unreviewed | CVE-2026-50254 was published Jul 1, 2026

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory...
High | Unreviewed | CVE-2026-35505 was published Jul 1, 2026

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0...
High | Unreviewed | CVE-2026-11541 was published Jul 1, 2026

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after...
High | Unreviewed | CVE-2025-36359 was published Jun 30, 2026

ProTip! Advisories are also available from the GraphQL API.