Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

1,473 advisories

Loading
AVideo: IDOR in PayPalYPT Plugin Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements Moderate
CVE-2026-43883 was published for wwbn/avideo (Composer) May 5, 2026
offset Credited to offset
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows... Moderate Unreviewed
CVE-2026-41950 was published May 5, 2026
Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic High
CVE-2026-42609 was published for getgrav/grav (Composer) May 5, 2026
AnhNg1410 Credited to AnhNg1410
The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2026-3454 was published May 5, 2026
The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to,... Moderate Unreviewed
CVE-2026-2729 was published May 5, 2026
Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information... High Unreviewed
CVE-2026-41471 was published May 4, 2026
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20... Critical Unreviewed
CVE-2026-29200 was published May 4, 2026
During the analysis, it was identified that authenticated attackers with Subscriber-level access... Moderate Unreviewed
CVE-2026-5337 was published May 3, 2026
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible... High Unreviewed
CVE-2026-2554 was published May 2, 2026
School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing... High Unreviewed
CVE-2026-7491 was published May 2, 2026
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is... Moderate Unreviewed
CVE-2026-7638 was published May 2, 2026
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction... Moderate Unreviewed
CVE-2026-6542 was published May 1, 2026
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view... High Unreviewed
CVE-2026-4503 was published Apr 30, 2026
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc... High Unreviewed
CVE-2026-7399 was published Apr 30, 2026
n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure Moderate
CVE-2026-42227 was published for n8n (npm) Apr 29, 2026
nkoorty Credited to nkoorty and jjjutla jjjutla jjjutla
This vulnerability exists in e-Sushrut due to improper authorization checks during resource... High Unreviewed
CVE-2026-42516 was published Apr 29, 2026
This vulnerability exists in e-Sushrut due to improper access control in resource access... High Unreviewed
CVE-2026-42515 was published Apr 29, 2026
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for... High Unreviewed
CVE-2026-42517 was published Apr 29, 2026
NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication... Critical Unreviewed
CVE-2026-24178 was published Apr 28, 2026
Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections Moderate
GHSA-f5fm-9jmp-c88r was published for openclaw (npm) Apr 28, 2026 withdrawn
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT... High Unreviewed
CVE-2026-28747 was published Apr 28, 2026
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application Moderate Unreviewed
CVE-2025-15626 was published Apr 27, 2026
OpenClaw: Hook mapping templates could bypass hook session-key opt-in Moderate
CVE-2026-45002 was published for openclaw (npm) Apr 25, 2026
zsxsoft Credited to zsxsoft, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources High
CVE-2026-42205 was published for avo (RubyGems) Apr 24, 2026
xIllunight Credited to xIllunight
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object... Moderate Unreviewed
CVE-2026-6810 was published Apr 24, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database