GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
838 advisories
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction...
Moderate • Unreviewed • CVE-2026-6542 was published May 1, 2026
n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure
Moderate • CVE-2026-42227 was published for n8n (npm) Apr 29, 2026
Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Moderate • GHSA-f5fm-9jmp-c88r was published for openclaw (npm) Apr 28, 2026 • withdrawn
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
Moderate • Unreviewed • CVE-2025-15626 was published Apr 27, 2026
OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Moderate • CVE-2026-45002 was published for openclaw (npm) Apr 25, 2026
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate • Unreviewed • CVE-2026-6810 was published Apr 24, 2026
The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to...
Moderate • Unreviewed • CVE-2026-2028 was published Apr 24, 2026
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly...
Moderate • Unreviewed • CVE-2025-66286 was published Apr 23, 2026
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure...
Moderate • Unreviewed • CVE-2026-1541 was published Apr 22, 2026
A vulnerability in the web application allows unauthorized users to access and manipulate...
Moderate • Unreviewed • CVE-2026-6355 was published Apr 22, 2026
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate • Unreviewed • CVE-2026-3307 was published Apr 22, 2026
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated...
Moderate • Unreviewed • CVE-2025-66954 was published Apr 20, 2026
The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate • Unreviewed • CVE-2026-5234 was published Apr 17, 2026
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin...
Moderate • Unreviewed • CVE-2026-4160 was published Apr 16, 2026
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo...
Moderate • Unreviewed • CVE-2026-40737 was published Apr 15, 2026
WWBN AVideo has an IDOR in Live Restreams list.json.php Exposes Other Users' Stream Keys and OAuth Tokens
Moderate • CVE-2026-40907 was published for wwbn/avideo (Composer) Apr 14, 2026
MCPHub has an authentication bypass
Moderate • CVE-2025-13822 was published for @samanhappy/mcphub (npm) Apr 14, 2026
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to...
Moderate • Unreviewed • CVE-2026-3371 was published Apr 11, 2026
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate • Unreviewed • CVE-2026-3568 was published Apr 9, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18...
Moderate • Unreviewed • CVE-2026-2104 was published Apr 9, 2026
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to...
Moderate • Unreviewed • CVE-2026-5875 was published Apr 9, 2026
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference...
Moderate • Unreviewed • CVE-2026-35023 was published Apr 8, 2026
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments...
Moderate • Unreviewed • CVE-2026-39616 was published Apr 8, 2026
Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream...
Moderate • Unreviewed • CVE-2026-39526 was published Apr 8, 2026
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to...
Moderate • Unreviewed • CVE-2026-4654 was published Apr 8, 2026