GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,948
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,383
Swift: 56

Unreviewed advisories
All unreviewed: 5,000+
1,473 advisories
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18...
Moderate | Unreviewed | CVE-2026-3074 was published May 14, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18...
Moderate | Unreviewed | CVE-2026-6063 was published May 14, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7,...
Moderate | Unreviewed | CVE-2026-1338 was published May 14, 2026

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User...
High | Unreviewed | CVE-2026-5396 was published May 14, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18...
Moderate | Unreviewed | CVE-2026-3073 was published May 14, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18...
Moderate | Unreviewed | CVE-2025-13874 was published May 14, 2026

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-7648 was published May 14, 2026

Insufficient ownership checks in `clientarea.php` allow an authenticated client area user to...
Critical | Unreviewed | CVE-2026-29204 was published May 12, 2026

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send...
Moderate | Unreviewed | CVE-2023-30059 was published May 12, 2026

Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS...
High | Unreviewed | CVE-2026-6001 was published May 12, 2026

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object...
High | Unreviewed | CVE-2026-38568 was published May 11, 2026

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege...
High | Unreviewed | CVE-2026-33356 was published May 11, 2026

MantisBT Has Authorization Bypass in Global Profile Creation
Moderate | CVE-2026-33052 was published for mantisbt/mantisbt (Composer) May 11, 2026

Open WebUI has inconsistent authorization controls within memories API
High | CVE-2026-44570 was published for open-webui (pip) May 11, 2026

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability...
High | Unreviewed | CVE-2026-44400 was published May 8, 2026

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist...
Moderate | Unreviewed | CVE-2026-27329 was published May 7, 2026

Spring Cloud Config has an Authorization Bypass Through User-Controlled Key
High | CVE-2026-40981 was published for org.springframework.cloud:spring-cloud-config (Maven) May 7, 2026

gittuf's policy can be rolled back to prior valid versions
Moderate | CVE-2026-44544 was published for github.com/gittuf/gittuf (Go) May 7, 2026

ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check
Moderate | CVE-2026-44426 was published for github.com/shellhub-io/shellhub (Go) May 7, 2026

Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)
High | CVE-2026-44504 was published for aegra-api (pip) May 7, 2026

ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data
Moderate | CVE-2026-44423 was published for github.com/shellhub-io/shellhub (Go) May 6, 2026

ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace
Moderate | CVE-2026-44424 was published for github.com/shellhub-io/shellhub (Go) May 6, 2026

Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`
Moderate | CVE-2026-42572 was published for github.com/hatchet-dev/hatchet (Go) May 6, 2026

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote...
Moderate | Unreviewed | CVE-2026-20219 was published May 6, 2026

Velocidex Velociraptor has an authorization bypass vulnerability
Moderate | CVE-2026-7573 was published for www.velocidex.com/golang/velociraptor (Go) May 6, 2026
ProTip! Advisories are also available from the GraphQL API.