GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
31,369 advisories
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe...
Severity: Critical. Status: Unreviewed. CVE-2026-56700 was published Jul 1, 2026.
Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl...
Severity: Critical. Status: Unreviewed. CVE-2026-56415 was published Jul 1, 2026.
Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl...
Severity: Critical. Status: Unreviewed. CVE-2026-56413 was published Jul 1, 2026.
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ...
Severity: Critical. Status: Unreviewed. CVE-2026-56278 was published Jul 1, 2026.
Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed...
Severity: Critical. Status: Unreviewed. CVE-2026-55721 was published Jul 1, 2026.
Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services...
Severity: Critical. Status: Unreviewed. CVE-2026-50110 was published Jul 1, 2026.
Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API...
Severity: Critical. Status: Unreviewed. CVE-2026-56264 was published Jul 1, 2026.
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function...
Severity: Critical. Status: Unreviewed. CVE-2026-58449 was published Jul 1, 2026.
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode...
Severity: Critical. Status: Unreviewed. CVE-2026-50003 was published Jul 1, 2026.
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials...
Severity: Critical. Status: Unreviewed. CVE-2026-7874 was published Jun 30, 2026.
IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper...
Severity: Critical. Status: Unreviewed. CVE-2026-7803 was published Jun 30, 2026.
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS...
Severity: Critical. Status: Unreviewed. CVE-2026-7873 was published Jun 30, 2026.
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected...
Severity: Critical. Status: Unreviewed. CVE-2026-7663 was published Jun 30, 2026.
IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that...
Severity: Critical. Status: Unreviewed. CVE-2026-10140 was published Jun 30, 2026.
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability...
Severity: Critical. Status: Unreviewed. CVE-2026-11712 was published Jun 30, 2026.
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability...
Severity: Critical. Status: Unreviewed. CVE-2026-11708 was published Jun 30, 2026.
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code...
Severity: Critical. Status: Unreviewed. CVE-2026-7871 was published Jun 30, 2026.
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution...
Severity: Critical. Status: Unreviewed. CVE-2026-10109 was published Jun 30, 2026.
Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution...
Severity: Critical. Status: Unreviewed. CVE-2026-58138 was published Jun 30, 2026.
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the...
Severity: Critical. Status: Unreviewed. CVE-2026-10134 was published Jun 30, 2026.
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author....
Severity: Critical. Status: Unreviewed. CVE-2026-58370 was published Jun 30, 2026.
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability...
Severity: Critical. Status: Unreviewed. CVE-2026-58172 was published Jun 30, 2026.
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation...
Severity: Critical. Status: Unreviewed. CVE-2026-48315 was published Jun 30, 2026.
Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect...
Severity: Critical. Status: Unreviewed. CVE-2026-48286 was published Jun 30, 2026.
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a...
Severity: Critical. Status: Unreviewed. CVE-2026-48313 was published Jun 30, 2026.
ProTip! Advisories are also available from the GraphQL API.