GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,948
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,383
Swift: 56
Unreviewed advisories
All unreviewed: 5,000+
1,473 advisories
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Severity: High (Unreviewed)
CVE-2023-4934 was published Sep 27, 2023
Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and...
Severity: High (Unreviewed)
CVE-2025-13479 was published May 21, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[]...
Severity: Low (Unreviewed)
CVE-2026-7886 was published May 22, 2026
Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express...
Severity: Moderate (Unreviewed)
CVE-2026-7881 was published May 22, 2026
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Severity: High (Unreviewed)
CVE-2026-8679 was published May 22, 2026
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14...
Severity: High (Unreviewed)
CVE-2026-3473 was published May 26, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express...
Severity: Low (Unreviewed)
CVE-2026-8347 was published May 26, 2026
Authorization bypass in the entry duplication feature in Devolutions Server allows an...
Severity: Low (Unreviewed)
CVE-2026-9248 was published May 26, 2026
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM)...
Severity: High (Unreviewed)
CVE-2026-35430 was published May 26, 2026
OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key...
Severity: Moderate (Unreviewed)
CVE-2026-40127 was published May 26, 2026
Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend...
Severity: Moderate (Unreviewed)
CVE-2026-8204 was published May 21, 2026
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows...
Severity: Critical (Unreviewed)
CVE-2026-41947 was published May 18, 2026
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview...
Severity: High (Unreviewed)
CVE-2026-41949 was published May 18, 2026
code100x contains an authentication bypass vulnerability in the Mobile API that allows...
Severity: High (Unreviewed)
CVE-2026-8890 was published May 26, 2026
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace...
Severity: Moderate (Unreviewed)
CVE-2026-38587 was published May 26, 2026
Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload...
Severity: Moderate (Unreviewed)
CVE-2026-42725 was published May 27, 2026
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
Severity: High (Unreviewed)
CVE-2026-42736 was published May 27, 2026
When creating an export through the pretix API, API clients are returned an UUID value for their...
Severity: Low (Unreviewed)
CVE-2026-9712 was published May 27, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18...
Severity: High (Unreviewed)
CVE-2026-4868 was published May 27, 2026
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with...
Severity: High (Unreviewed)
CVE-2026-32589 was published Apr 8, 2026
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure...
Severity: Moderate (Unreviewed)
CVE-2026-9228 was published May 28, 2026
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
Severity: Moderate (Unreviewed)
CVE-2026-9241 was published May 28, 2026
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Severity: Moderate (Unreviewed)
CVE-2026-3173 was published May 28, 2026
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction,...
Severity: Moderate (Unreviewed)
CVE-2026-7651 was published May 28, 2026
Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate...
Severity: High (Unreviewed)
CVE-2026-38807 was published May 27, 2026