GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,852 advisories
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form...
Moderate, Unreviewed: CVE-2026-1674 was published Mar 4, 2026

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of...
Moderate, Unreviewed: CVE-2026-3056 was published Mar 4, 2026

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data...
Moderate, Unreviewed: CVE-2026-2732 was published Mar 4, 2026

OpenClaw: MS Teams fileConsent/invoke missing conversation binding allowed cross-conversation pending-upload consumption
Moderate: GHSA-j26j-7qc4-3mrf was published for openclaw (npm) Mar 3, 2026

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user...
Moderate, Unreviewed: CVE-2025-13734 was published Mar 3, 2026

SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access
Moderate: CVE-2026-29073 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 3, 2026

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to...
Moderate, Unreviewed: CVE-2026-1336 was published Mar 3, 2026

In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to...
Moderate, Unreviewed: CVE-2026-0024 was published Mar 2, 2026

Statamic's missing authorization allows access to email addresses
Moderate: CVE-2026-28424 was published for statamic/cms (Composer) Mar 1, 2026

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated...
Moderate, Unreviewed: CVE-2026-28554 was published Mar 1, 2026

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated...
Moderate, Unreviewed: CVE-2026-28555 was published Mar 1, 2026

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated...
Moderate, Unreviewed: CVE-2026-28556 was published Mar 1, 2026

@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode
Moderate: CVE-2026-27638 was published for @actual-app/sync-server (npm) Feb 27, 2026

Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Moderate: CVE-2026-27457 was published for weblate (pip) Feb 26, 2026

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
Moderate: CVE-2026-24004 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18...
Moderate, Unreviewed: CVE-2025-14103 was published Feb 25, 2026

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add...
Moderate, Unreviewed: CVE-2026-28195 was published Feb 25, 2026

A flaw was found in the udisks storage management daemon that allows unprivileged users to back...
Moderate, Unreviewed: CVE-2026-26104 was published Feb 25, 2026

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post...
Moderate, Unreviewed: CVE-2026-2301 was published Feb 25, 2026

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is...
Moderate, Unreviewed: CVE-2026-1787 was published Feb 21, 2026

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and...
Moderate, Unreviewed: CVE-2025-14339 was published Feb 21, 2026

Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly...
Moderate, Unreviewed: CVE-2026-24944 was published Feb 20, 2026

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for...
Moderate, Unreviewed: CVE-2026-24946 was published Feb 20, 2026

Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar...
Moderate, Unreviewed: CVE-2026-22351 was published Feb 20, 2026

Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop...
Moderate, Unreviewed: CVE-2026-22350 was published Feb 20, 2026

ProTip! Advisories are also available from the GraphQL API.