GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
311,448 advisories
A malicious LDAP server, which a Thunderbird user is configured to query for address-book...
Severity: Unknown | Unreviewed | CVE-2026-57962 was published Jul 1, 2026
An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled...
Severity: Unknown | Unreviewed | CVE-2026-57963 was published Jul 1, 2026
Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1...
Severity: Moderate | Unreviewed | CVE-2026-56399 was published Jul 1, 2026
ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark()...
Severity: Low | Unreviewed | CVE-2026-56364 was published Jul 1, 2026
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController:...
Severity: High | Unreviewed | CVE-2026-57995 was published Jul 1, 2026
ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel...
Severity: Moderate | Unreviewed | CVE-2026-56363 was published Jul 1, 2026
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security...
Severity: Moderate | Unreviewed | CVE-2026-56777 was published Jul 1, 2026
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe...
Severity: Critical | Unreviewed | CVE-2026-56700 was published Jul 1, 2026
ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing...
Severity: Moderate | Unreviewed | CVE-2026-56365 was published Jul 1, 2026
Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl...
Severity: Critical | Unreviewed | CVE-2026-56415 was published Jul 1, 2026
Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl...
Severity: Critical | Unreviewed | CVE-2026-56413 was published Jul 1, 2026
ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the...
Severity: Moderate | Unreviewed | CVE-2026-56369 was published Jul 1, 2026
ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or...
Severity: Moderate | Unreviewed | CVE-2026-56377 was published Jul 1, 2026
ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of...
Severity: Moderate | Unreviewed | CVE-2026-56361 was published Jul 1, 2026
Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization...
Severity: Moderate | Unreviewed | CVE-2026-56333 was published Jul 1, 2026
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users...
Severity: Moderate | Unreviewed | CVE-2026-56350 was published Jul 1, 2026
Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to...
Severity: Moderate | Unreviewed | CVE-2026-56277 was published Jul 1, 2026
Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion...
Severity: High | Unreviewed | CVE-2026-56286 was published Jul 1, 2026
Capgo before 12.128.2 contains an information disclosure vulnerability in the /private...
Severity: Moderate | Unreviewed | CVE-2026-56318 was published Jul 1, 2026
Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist...
Severity: High | Unreviewed | CVE-2026-56328 was published Jul 1, 2026
Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint...
Severity: Moderate | Unreviewed | CVE-2026-56331 was published Jul 1, 2026
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ...
Severity: Critical | Unreviewed | CVE-2026-56278 was published Jul 1, 2026
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation...
Severity: High | Unreviewed | CVE-2026-56249 was published Jul 1, 2026
Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table,...
Severity: Moderate | Unreviewed | CVE-2026-56334 was published Jul 1, 2026
n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS...
Severity: Moderate | Unreviewed | CVE-2026-56356 was published Jul 1, 2026
ProTip! Advisories are also available from the GraphQL API.