GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,432 advisories
Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows...
High | Unreviewed | CVE-2026-22479 was published Mar 5, 2026

Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon...
High | Unreviewed | CVE-2025-69340 was published Mar 5, 2026

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The...
High | Unreviewed | CVE-2026-3266 was published Mar 4, 2026

Craft CMS has IDOR via GraphQL @parseRefs
High | CVE-2026-28696 was published for craftcms/cms (Composer) Mar 3, 2026

Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user
High | GHSA-hwm2-4ph6-w6m5 was published for github.com/rancher/rancher (Go) Mar 3, 2026

OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools
High | GHSA-jr6x-2q95-fh2g was published for openclaw (npm) Mar 2, 2026

OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login
High | CVE-2026-28790 was published for github.com/OliveTin/OliveTin (Go) Mar 2, 2026

In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to...
High | Unreviewed | CVE-2026-0023 was published Mar 2, 2026

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any...
High | Unreviewed | CVE-2026-0026 was published Mar 2, 2026

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a...
High | Unreviewed | CVE-2025-48634 was published Mar 2, 2026

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept...
High | Unreviewed | CVE-2025-48574 was published Mar 2, 2026

In multiple functions of MediaProvider.java, there is a possible way to bypass the...
High | Unreviewed | CVE-2025-48578 was published Mar 2, 2026

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated...
High | Unreviewed | CVE-2026-28557 was published Mar 1, 2026

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
High | CVE-2026-27946 was published for github.com/zitadel/zitadel (Go) Feb 27, 2026

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
High | CVE-2026-27836 was published for thorsten/phpmyfaq (Composer) Feb 27, 2026

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions...
High | Unreviewed | CVE-2026-28193 was published Feb 25, 2026

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for...
High | Unreviewed | CVE-2026-26103 was published Feb 25, 2026

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized...
High | Unreviewed | CVE-2026-1916 was published Feb 25, 2026

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization...
High | Unreviewed | CVE-2026-22765 was published Feb 24, 2026

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This...
High | Unreviewed | CVE-2026-2038 was published Feb 21, 2026

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This...
High | Unreviewed | CVE-2026-2039 was published Feb 21, 2026

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting...
High | Unreviewed | CVE-2026-24941 was published Feb 20, 2026

Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured...
High | Unreviewed | CVE-2025-69393 was published Feb 20, 2026

Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick...
High | Unreviewed | CVE-2025-69381 was published Feb 20, 2026

Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework...
High | Unreviewed | CVE-2025-69303 was published Feb 20, 2026