GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,297
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
4,408 advisories
Filter by severity
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
High
GHSA-4qq2-2j2x-x62c
was published
for
praisonai
(npm)
Jun 18, 2026
PraisonAI LinearBot processes unsigned webhooks when LINEAR_WEBHOOK_SECRET is missing
High
GHSA-fc26-m9pf-v56q
was published
for
praisonai
(pip)
Jun 18, 2026
PraisonAI recipe serve Typer command bypasses the non-localhost authentication guard
High
GHSA-5qw8-f2g9-ff29
was published
for
praisonai
(pip)
Jun 18, 2026
ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)
High
CVE-2026-55672
was published
for
github.com/zitadel/zitadel
(Go)
Jun 18, 2026
Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication...
High
Unreviewed
CVE-2026-49502
was published
Jun 17, 2026
Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication...
High
Unreviewed
CVE-2026-32804
was published
Jun 17, 2026
Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is...
High
Unreviewed
CVE-2026-48929
was published
Jun 17, 2026
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). The...
Critical
Unreviewed
CVE-2026-46859
was published
Jun 17, 2026
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component:...
Moderate
Unreviewed
CVE-2026-35261
was published
Jun 17, 2026
Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`
High
CVE-2026-52845
was published
for
github.com/caddyserver/caddy
(Go)
Jun 16, 2026
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
High
CVE-2026-48526
was published
for
pyjwt
(pip)
Jun 15, 2026
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux...
Critical
Unreviewed
CVE-2026-12183
was published
Jun 13, 2026
An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache...
Moderate
Unreviewed
CVE-2026-50623
was published
Jun 12, 2026
Improper authentication checks in the OAuth implementation allow account hijacking even when...
Critical
Unreviewed
CVE-2026-48611
was published
Jun 12, 2026
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
Critical
CVE-2026-48039
was published
for
meta-ads-mcp
(pip)
Jun 11, 2026
X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a...
Moderate
Unreviewed
CVE-2026-40995
was published
Jun 11, 2026
A person with access to a Mac may be able to bypass Login Window. A consistency issue was...
Low
Unreviewed
CVE-2022-48575
was published
Jun 11, 2026
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
Moderate
CVE-2026-47838
was published
for
org.springframework.security:spring-security-web
(Maven)
Jun 10, 2026
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3...
Critical
Unreviewed
CVE-2026-36727
was published
Jun 9, 2026
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to...
High
Unreviewed
CVE-2026-44810
was published
Jun 9, 2026
Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where...
High
Unreviewed
CVE-2026-41720
was published
Jun 9, 2026
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function...
Moderate
Unreviewed
CVE-2026-11618
was published
Jun 9, 2026
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated...
Critical
Unreviewed
CVE-2026-50751
was published
Jun 8, 2026
On Tapo
C520WS v2, restricted accounts (for example, hub users) are intended to execute
only a...
High
Unreviewed
CVE-2026-34123
was published
Jun 6, 2026
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows...
Moderate
Unreviewed
CVE-2026-11345
was published
Jun 5, 2026
ProTip!
Advisories are also available from the
GraphQL API