GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
521 advisories
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
High · Unreviewed · CVE-2026-8679 was published May 22, 2026
Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and...
High · Unreviewed · CVE-2025-13479 was published May 21, 2026
Apache Camel K: Kubernetes namespace authorized users can create a Build resource
High · CVE-2026-45760 was published for github.com/apache/camel-k/v2 (Go) May 21, 2026
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action...
High · Unreviewed · CVE-2026-9136 was published May 20, 2026
phpMyFAQ: IDOR Account Takeover
High · CVE-2026-35671 was published for phpmyfaq/phpmyfaq (Composer) May 20, 2026
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview...
High · Unreviewed · CVE-2026-41949 was published May 18, 2026
AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`, allowing any caller with the Meet shared secret to obtain a session as arbitrary users including admin
High · GHSA-qxvm-r42f-5p8j was published for WWBN/AVideo (Composer) May 15, 2026
Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
High · CVE-2026-44692 was published for code16/sharp (Composer) May 15, 2026
Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with...
High · Unreviewed · CVE-2026-8629 was published May 14, 2026
Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion
High · CVE-2026-45671 was published for open-webui (pip) May 14, 2026
Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints
High · CVE-2026-45402 was published for open-webui (pip) May 14, 2026
Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls
High · CVE-2026-45398 was published for open-webui (pip) May 14, 2026
Open WebUI has Broken Access Control for Completions API
High · CVE-2026-45349 was published for open-webui (pip) May 14, 2026
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
High · CVE-2026-45732 was published for n8n (npm) May 14, 2026
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘...
High · Unreviewed · CVE-2026-5798 was published May 14, 2026
Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and...
High · Unreviewed · CVE-2025-12008 was published May 14, 2026
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology...
High · Unreviewed · CVE-2025-15025 was published May 14, 2026
FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
High · CVE-2026-46441 was published for flowise (npm) May 14, 2026
FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment
High · CVE-2026-42863 was published for flowise (npm) May 14, 2026
FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
High · CVE-2026-42862 was published for flowise (npm) May 14, 2026
FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment
High · CVE-2026-42861 was published for flowise (npm) May 14, 2026
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin...
High · Unreviewed · CVE-2026-5395 was published May 14, 2026
The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User...
High · Unreviewed · CVE-2026-5396 was published May 14, 2026
Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS...
High · Unreviewed · CVE-2026-6001 was published May 12, 2026
HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object...
High · Unreviewed · CVE-2026-38568 was published May 11, 2026
ProTip! Advisories are also available from the GraphQL API