GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,041 advisories
paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
Critical
GHSA-68qg-g8mg-6pr7
was published
for
@paperclipai/server
(npm)
Apr 10, 2026
ajenti.plugin.core has password bypass when 2FA is activated
Critical
CVE-2026-40177
was published
for
ajenti.plugin.core
(pip)
Apr 10, 2026
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
Critical
CVE-2026-39324
was published
for
rack-session
(RubyGems)
Apr 8, 2026
LiteLLM: Authentication bypass via OIDC userinfo cache key collision
Critical
CVE-2026-35030
was published
for
litellm
(pip)
Apr 3, 2026
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
Critical
CVE-2026-4370
was published
for
github.com/juju/juju
(Go)
Apr 2, 2026
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Critical
CVE-2026-33716
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
MinIO has JWT Algorithm Confusion in OIDC Authentication
Critical
CVE-2026-33322
was published
for
github.com/minio/minio
(Go)
Mar 19, 2026
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Critical
CVE-2026-30836
was published
for
github.com/smallstep/certificates
(Go)
Mar 19, 2026
AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass
Critical
CVE-2026-32136
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Mar 12, 2026
Feathers has an OAuth Callback Account Takeover issue
Critical
CVE-2026-29792
was published
for
@feathersjs/authentication-oauth
(npm)
Mar 10, 2026
Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters
Critical
CVE-2026-30863
was published
for
parse-server
(npm)
Mar 9, 2026
ProTip!
Advisories are also available from the
GraphQL API