GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,823 advisories
A Fleet team maintainer can transfer hosts from any team via missing source team authorization
Moderate · CVE-2026-29180 was published for github.com/fleetdm/fleet/v4 (Go) · Mar 27, 2026

Open WebUI has unauthorized deletion of knowledge files
Moderate · CVE-2026-29070 was published for open-webui (pip) · Mar 27, 2026

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read...
Moderate · Unreviewed · CVE-2026-5025 was published · Mar 27, 2026

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or...
Moderate · Unreviewed · CVE-2026-5022 was published · Mar 27, 2026

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get...
Moderate · Unreviewed · CVE-2026-4309 was published · Mar 27, 2026

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up...
Moderate · Unreviewed · CVE-2026-3098 was published · Mar 27, 2026

Statamic allows unauthorized content access through missing authorization in its revision controllers
Moderate · CVE-2026-33887 was published for statamic/cms (Composer) · Mar 26, 2026

Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
Moderate · CVE-2026-33768 was published for @astrojs/vercel (npm) · Mar 26, 2026

AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings
Moderate · CVE-2026-33761 was published for wwbn/avideo (Composer) · Mar 26, 2026

AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents
Moderate · CVE-2026-33759 was published for wwbn/avideo (Composer) · Mar 26, 2026

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing...
Moderate · Unreviewed · CVE-2026-4281 was published · Mar 26, 2026

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to...
Moderate · Unreviewed · CVE-2026-4331 was published · Mar 26, 2026

AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Moderate · CVE-2026-33685 was published for wwbn/avideo (Composer) · Mar 25, 2026

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting...
Moderate · Unreviewed · CVE-2026-32562 was published · Mar 25, 2026

Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting...
Moderate · Unreviewed · CVE-2026-32514 was published · Mar 25, 2026

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms,...
Moderate · Unreviewed · CVE-2026-32527 was published · Mar 25, 2026

Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect...
Moderate · Unreviewed · CVE-2026-32541 was published · Mar 25, 2026

Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows...
Moderate · Unreviewed · CVE-2026-32483 was published · Mar 25, 2026

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly...
Moderate · Unreviewed · CVE-2026-32489 was published · Mar 25, 2026

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows...
Moderate · Unreviewed · CVE-2026-25390 was published · Mar 25, 2026

Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for...
Moderate · Unreviewed · CVE-2026-25398 was published · Mar 25, 2026

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7,...
Moderate · Unreviewed · CVE-2026-25430 was published · Mar 25, 2026

Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting...
Moderate · Unreviewed · CVE-2026-25437 was published · Mar 25, 2026

Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting...
Moderate · Unreviewed · CVE-2026-25454 was published · Mar 25, 2026

Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly...
Moderate · Unreviewed · CVE-2026-25462 was published · Mar 25, 2026