GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,931
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,382
Swift: 56
Unreviewed advisories
All unreviewed: 5,000+
10,636 advisories
PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
Severity: High. CVE-2026-47394 was published for PraisonAI (pip), May 29, 2026.
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
Severity: Moderate. CVE-2026-47395 was published for PraisonAI (pip), May 29, 2026.
Admidio writes session IDs and auto-login cookie values to application logs
Severity: Moderate. CVE-2026-47234 was published for admidio/admidio (Composer), May 29, 2026.
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to...
Severity: Moderate (Unreviewed). CVE-2026-8995 was published May 29, 2026.
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an...
Severity: Moderate (Unreviewed). CVE-2026-2128 was published May 29, 2026.
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote...
Severity: Moderate (Unreviewed). CVE-2026-9981 was published May 29, 2026.
Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed...
Severity: Low (Unreviewed). CVE-2026-9991 was published May 29, 2026.
Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a...
Severity: Moderate (Unreviewed). CVE-2026-9955 was published May 29, 2026.
Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a...
Severity: Moderate (Unreviewed). CVE-2026-9912 was published May 29, 2026.
Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed...
Severity: Moderate (Unreviewed). CVE-2026-9929 was published May 29, 2026.
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote...
Severity: Low (Unreviewed). CVE-2026-10011 was published May 29, 2026.
Vulnerability in Oracle REST Data Services (component: General). Supported versions that are...
Severity: Moderate (Unreviewed). CVE-2026-46841 was published May 28, 2026.
Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are...
Severity: Moderate (Unreviewed). CVE-2026-46830 was published May 28, 2026.
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Severity: Moderate (Unreviewed). CVE-2026-7526 was published May 28, 2026.
Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
Severity: High. CVE-2026-45332 was published for automad/automad (Composer), May 27, 2026.
IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection...
Severity: Moderate (Unreviewed). CVE-2026-8405 was published May 27, 2026.
Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the...
Severity: High (Unreviewed). CVE-2026-36539 was published May 27, 2026.
@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects
Severity: Moderate. CVE-2026-44979 was published for @hapi/wreck (npm), May 27, 2026.
A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive...
Severity: Low (Unreviewed). CVE-2026-9583 was published May 26, 2026.
NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could...
Severity: Moderate (Unreviewed). CVE-2026-24198 was published May 26, 2026.
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects...
Severity: Moderate (Unreviewed). CVE-2026-9352 was published May 26, 2026.
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the...
Severity: Moderate (Unreviewed). CVE-2026-9349 was published May 26, 2026.
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14...
Severity: Moderate (Unreviewed). CVE-2026-3636 was published May 26, 2026.
Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Severity: Moderate. CVE-2026-47124 was published for github.com/nezhahq/nezha (Go), May 23, 2026.
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model
Severity: Moderate. CVE-2026-47165 was published for Magick.NET-Q16-AnyCPU (NuGet), May 22, 2026.
ProTip! Advisories are also available from the GraphQL API.