GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,174 advisories
NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication...
Critical | Unreviewed | CVE-2026-24178 was published Apr 28, 2026
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT...
High | Unreviewed | CVE-2026-28747 was published Apr 28, 2026
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
Moderate | Unreviewed | CVE-2025-15626 was published Apr 27, 2026
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2026-6810 was published Apr 24, 2026
The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to...
Moderate | Unreviewed | CVE-2026-2028 was published Apr 24, 2026
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name...
High | Unreviewed | CVE-2026-6375 was published Apr 23, 2026
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly...
Moderate | Unreviewed | CVE-2025-66286 was published Apr 23, 2026
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up...
High | Unreviewed | CVE-2026-5617 was published Apr 22, 2026
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure...
Moderate | Unreviewed | CVE-2026-1541 was published Apr 22, 2026
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2018-25270 was published Apr 22, 2026
A vulnerability in the web application allows unauthorized users to access and manipulate...
Moderate | Unreviewed | CVE-2026-6355 was published Apr 22, 2026
An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process...
High | Unreviewed | CVE-2026-5750 was published Apr 22, 2026
An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in...
High | Unreviewed | CVE-2026-5845 was published Apr 22, 2026
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate | Unreviewed | CVE-2026-3307 was published Apr 22, 2026
An insecure direct object reference vulnerability in the Users API component of Crafty Controller...
Critical | Unreviewed | CVE-2026-5652 was published Apr 21, 2026
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated...
Moderate | Unreviewed | CVE-2025-66954 was published Apr 20, 2026
The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate | Unreviewed | CVE-2026-5234 was published Apr 17, 2026
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin...
Moderate | Unreviewed | CVE-2026-4160 was published Apr 16, 2026
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo...
Moderate | Unreviewed | CVE-2026-40737 was published Apr 15, 2026
Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif...
High | Unreviewed | CVE-2026-40784 was published Apr 15, 2026
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do...
High | Unreviewed | CVE-2026-25654 was published Apr 14, 2026
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that...
High | Unreviewed | CVE-2026-40043 was published Apr 13, 2026
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-3371 was published Apr 11, 2026
CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level...
High | Unreviewed | CVE-2026-29002 was published Apr 10, 2026
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate | Unreviewed | CVE-2026-3568 was published Apr 9, 2026
ProTip! Advisories are also available from the GraphQL API.