Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

312 advisories

Loading
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator High
CVE-2026-3009 was published for org.keycloak:keycloak-services (Maven) Mar 5, 2026
OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands High
CVE-2026-28392 was published for openclaw (npm) Feb 18, 2026
christos-eth Credited to christos-eth
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to... High Unreviewed
CVE-2026-0017 was published Mar 2, 2026
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role High
CVE-2026-27803 was published for vaultwarden (Rust) Mar 4, 2026
odgrso Credited to odgrso
INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints High
GHSA-xfx2-prg5-jq3g was published for github.com/romitou/insatutorat (Go) Mar 1, 2026
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is... High Unreviewed
CVE-2025-4521 was published Feb 19, 2026
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over... High Unreviewed
CVE-2026-20960 was published Jan 17, 2026
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before... High Unreviewed
CVE-2024-50617 was published Feb 12, 2026
File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function High
CVE-2025-64523 was published for github.com/filebrowser/filebrowser/v2 (Go) Nov 13, 2025
bbodisteanu-hacken Credited to bbodisteanu-hacken and hacdias hacdias hacdias
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration High
GHSA-4jmp-x7mh-rgmr was published for github.com/babylonlabs-io/finality-provider (Go) Dec 12, 2025
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin High
CVE-2026-22022 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass... High Unreviewed
CVE-2026-21641 was published Jan 20, 2026
Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field High
CVE-2026-22033 was published for label-studio (pip) Jan 12, 2026
david3107 Credited to david3107
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The... High Unreviewed
CVE-2025-40830 was published Dec 9, 2025
Better Auth: Unauthenticated API key creation through api-key plugin High
CVE-2025-61928 was published for better-auth (npm) Oct 9, 2025
etiennelunetta Credited to etiennelunetta
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions High
CVE-2025-66301 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek Credited to nakkouchtarek
OneUptime Unauthorized User Creation via API High
CVE-2025-65966 was published for @oneuptime/common (npm) Nov 26, 2025
SamirWaleed Credited to SamirWaleed
The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary... High Unreviewed
CVE-2025-64065 was published Nov 25, 2025
The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but... High Unreviewed
CVE-2025-64062 was published Nov 25, 2025
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized... High Unreviewed
CVE-2025-64655 was published Nov 21, 2025
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
tlm Credited to tlm, wallyworld, hpidcock, Fedqys, and setharnold wallyworld wallyworld
hpidcock hpidcock Fedqys Fedqys setharnold setharnold
The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-11521 was published Nov 11, 2025
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is... High Unreviewed
CVE-2025-4519 was published Nov 7, 2025
Magento improper authorization vulnerability High
CVE-2021-36029 was published for magento/community-edition (Composer) May 24, 2022
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight... High Unreviewed
CVE-2023-47166 was published May 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database