Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

1,473 advisories

Loading
When creating an export through the pretix API, API clients are returned an UUID value for their... Low Unreviewed
CVE-2026-9712 was published May 27, 2026
Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload... Moderate Unreviewed
CVE-2026-42725 was published May 27, 2026
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp... High Unreviewed
CVE-2026-42736 was published May 27, 2026
code100x contains an authentication bypass vulnerability in the Mobile API that allows... High Unreviewed
CVE-2026-8890 was published May 26, 2026
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace... Moderate Unreviewed
CVE-2026-38587 was published May 26, 2026
OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key... Moderate Unreviewed
CVE-2026-40127 was published May 26, 2026
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM)... High Unreviewed
CVE-2026-35430 was published May 26, 2026
Authorization bypass in the entry duplication feature in Devolutions Server allows an... Low Unreviewed
CVE-2026-9248 was published May 26, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express... Low Unreviewed
CVE-2026-8347 was published May 26, 2026
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14... High Unreviewed
CVE-2026-3473 was published May 26, 2026
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in... High Unreviewed
CVE-2026-8679 was published May 22, 2026
Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express... Moderate Unreviewed
CVE-2026-7881 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[]... Low Unreviewed
CVE-2026-7886 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend... Moderate Unreviewed
CVE-2026-8204 was published May 21, 2026
Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and... High Unreviewed
CVE-2025-13479 was published May 21, 2026
The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2026-1881 was published May 21, 2026
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action... High Unreviewed
CVE-2026-9136 was published May 20, 2026
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId... Moderate Unreviewed
CVE-2026-9087 was published May 20, 2026
phpMyFAQ: IDOR Account Takeover High
CVE-2026-35671 was published for phpmyfaq/phpmyfaq (Composer) May 20, 2026
cyberHunter127 Credited to cyberHunter127
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is... Moderate Unreviewed
CVE-2026-6566 was published May 20, 2026
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2026-6072 was published May 20, 2026
MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path Critical
GHSA-g53w-w6mj-hrpp was published for github.com/Kuadrant/mcp-gateway (Go) May 19, 2026
Bhuvanesh66 Credited to Bhuvanesh66
Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the ... Critical Unreviewed
CVE-2026-42097 was published May 19, 2026
A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object... Moderate Unreviewed
CVE-2026-4630 was published May 19, 2026
A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can... Moderate Unreviewed
CVE-2026-37978 was published May 19, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database