Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,408 advisories

Loading
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for... Moderate Unreviewed
CVE-2026-13208 was published Jun 24, 2026
motionEye: Authentication possible via password hash Critical
CVE-2026-46488 was published for motioneye (pip) Jun 22, 2026
FireByteApplications Credited to FireByteApplications, 0xLynk, dimashn04, C4spr0x1A, sighnwaive, MichaIng, Marijn0, and zagrim 0xLynk 0xLynk
dimashn04 dimashn04 C4spr0x1A C4spr0x1A sighnwaive sighnwaive MichaIng MichaIng Marijn0 Marijn0 zagrim zagrim
Paymenter doesn't reset email verification status after email change Moderate
CVE-2026-44584 was published for paymenter/paymenter (Composer) Jun 22, 2026
ljskatt Credited to ljskatt and CorwinDev CorwinDev CorwinDev
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function... Moderate Unreviewed
CVE-2026-12773 was published Jun 21, 2026
AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's... Critical Unreviewed
CVE-2026-56345 was published Jun 20, 2026
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced High
CVE-2026-54781 was published for CoreWCF.Primitives (NuGet) Jun 19, 2026
OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset Moderate
CVE-2026-55689 was published for github.com/openfga/openfga (Go) Jun 19, 2026
0xVijay Credited to 0xVijay
googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken) Critical
CVE-2026-11717 was published for github.com/googleapis/mcp-toolbox (Go) Jun 18, 2026
googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken) Critical
CVE-2026-11718 was published for github.com/googleapis/mcp-toolbox (Go) Jun 18, 2026
PraisonAI: PRAISONAI_CALL_AUTH=disabled environment variable unconditionally disables authentication High
GHSA-8ccj-p46r-jwqq was published for praisonai (pip) Jun 18, 2026
lc13n Credited to lc13n
praisonai-platform 0.1.4 still boots on the hardcoded JWT secret dev-secret-change-me (default-open production guard) Critical
GHSA-f38v-77qj-h4jq was published for praisonai-platform (pip) Jun 18, 2026
Yanchon918s Credited to Yanchon918s
ProTip! Advisories are also available from the GraphQL API