Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

322 advisories

Loading
Duplicate Advisory: OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes Critical
GHSA-x49q-fhhm-r9jf was published for openclaw (npm) Mar 20, 2026 withdrawn
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to... Critical Unreviewed
CVE-2026-4038 was published Mar 20, 2026
Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion Critical
CVE-2026-32817 was published for admidio/admidio (Composer) Mar 16, 2026
restriction Credited to restriction
OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes Critical
CVE-2026-22172 was published for openclaw (npm) Mar 13, 2026
LUOYEcode Credited to LUOYEcode
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x... Critical Unreviewed
CVE-2025-11158 was published Mar 10, 2026
OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover Critical
CVE-2026-30956 was published for @oneuptime/common (npm) Mar 10, 2026
Zwique Credited to Zwique
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the... Critical Unreviewed
CVE-2025-41764 was published Mar 9, 2026
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the... Critical Unreviewed
CVE-2025-41765 was published Mar 9, 2026
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF... Critical Unreviewed
CVE-2026-2446 was published Mar 6, 2026
On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection... Critical Unreviewed
CVE-2026-3431 was published Mar 2, 2026
On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path... Critical Unreviewed
CVE-2026-3432 was published Mar 2, 2026
openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability... Critical Unreviewed
CVE-2026-28515 was published Feb 28, 2026
Parse Dashboard is Missing Authorization for its Agent Endpoint Critical
CVE-2026-27608 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza Credited to mtrezza and ByamB4 ByamB4 ByamB4
Sensitive data disclosure and manipulation due to missing authorization. The following products... Critical Unreviewed
CVE-2025-30416 was published Feb 20, 2026
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in... Critical Unreviewed
CVE-2025-70150 was published Feb 18, 2026
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized... Critical Unreviewed
CVE-2026-1937 was published Feb 18, 2026
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a... Critical Unreviewed
CVE-2026-0488 was published Feb 10, 2026
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged... Critical Unreviewed
CVE-2026-0509 was published Feb 10, 2026
FUXA Unauthenticated Remote Arbitrary Scheduler Write Critical
CVE-2026-25939 was published for fuxa-server (npm) Feb 10, 2026
wodzen Credited to wodzen
The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary... Critical Unreviewed
CVE-2026-1499 was published Feb 6, 2026
FUXA Unauthenticated Remote Arbitrary Device Tag Write Critical
CVE-2026-25752 was published for fuxa-server (npm) Feb 5, 2026
wodzen Credited to wodzen
Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly... Critical Unreviewed
CVE-2025-58210 was published Jan 28, 2026
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything... Critical Unreviewed
CVE-2026-24371 was published Jan 22, 2026
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number... Critical Unreviewed
CVE-2025-69052 was published Jan 22, 2026
Missing Authorization vulnerability in ilmosys Order Listener for WooCommerce woc-order-alert... Critical Unreviewed
CVE-2025-68018 was published Jan 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database