GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
199 advisories
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection
High
CVE-2026-31975
was published
for
@siteboon/claude-code-ui
(npm)
Mar 11, 2026
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Critical
CVE-2026-26190
was published
for
github.com/milvus-io/milvus
(Go)
Feb 11, 2026
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Critical
CVE-2026-25894
was published
for
fuxa-server
(npm)
Feb 5, 2026
terraform-provider-proxmox has insecure sudo recommendation in the documentation
High
CVE-2026-25499
was published
for
github.com/bpg/terraform-provider-proxmox
(Go)
Feb 2, 2026
Misskey has a login rate limit bypass via spoofed X-Forwarded-For header
Moderate
CVE-2025-66482
was published
for
misskey-js
(npm)
Dec 15, 2025
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
High
CVE-2025-66416
was published
for
mcp
(pip)
Dec 2, 2025
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
High
CVE-2025-66414
was published
for
@modelcontextprotocol/sdk
(npm)
Dec 2, 2025
ProTip!
Advisories are also available from the
GraphQL API