GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
404 advisories
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do...
High severity. Unreviewed. CVE-2026-25654 was published Apr 14, 2026.
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that...
High severity. Unreviewed. CVE-2026-40043 was published Apr 13, 2026.
CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level...
High severity. Unreviewed. CVE-2026-29002 was published Apr 10, 2026.
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with...
High severity. Unreviewed. CVE-2026-32589 was published Apr 8, 2026.
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to...
High severity. Unreviewed. CVE-2026-5465 was published Apr 7, 2026.
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible...
High severity. Unreviewed. CVE-2026-4896 was published Apr 4, 2026.
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel...
High severity. Unreviewed. CVE-2026-32976 was published Mar 31, 2026.
Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows...
High severity. Unreviewed. CVE-2026-4400 was published Mar 31, 2026.
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1...
High severity. Unreviewed. CVE-2026-3321 was published Mar 30, 2026.
The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
High severity. Unreviewed. CVE-2026-3124 was published Mar 30, 2026.
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription...
High severity. Unreviewed. CVE-2025-69347 was published Mar 25, 2026.
Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the...
High severity. Unreviewed. CVE-2026-3020 was published Mar 16, 2026.
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to...
High severity. Unreviewed. CVE-2026-1947 was published Mar 16, 2026.
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows...
High severity. Unreviewed. CVE-2016-20033 was published Mar 16, 2026.
A broken access control may allow an authenticated user to perform a horizontal privilege...
High severity. Unreviewed. CVE-2026-3999 was published Mar 13, 2026.
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure...
High severity. Unreviewed. CVE-2026-1992 was published Mar 11, 2026.
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
High severity. Unreviewed. CVE-2026-3453 was published Mar 11, 2026.
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a...
High severity. Unreviewed. CVE-2026-0020 was published Mar 2, 2026.
The CGM CLININET application uses direct, sequential object identifiers "MessageID" without...
High severity. Unreviewed. CVE-2025-58402 was published Mar 2, 2026.
Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy...
High severity. Unreviewed. CVE-2026-24950 was published Feb 20, 2026.
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet...
High severity. Unreviewed. CVE-2026-22383 was published Feb 20, 2026.
Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows...
High severity. Unreviewed. CVE-2025-69394 was published Feb 20, 2026.
Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket...
High severity. Unreviewed. CVE-2025-68051 was published Feb 20, 2026.
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and...
High severity. Unreviewed. CVE-2025-9062 was published Feb 19, 2026.
Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the...
High severity. Unreviewed. CVE-2026-1436 was published Feb 18, 2026.
ProTip! Advisories are also available from the GraphQL API.