GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
6,681 advisories
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated...
Low | Unreviewed | CVE-2026-24310 was published Mar 10, 2026
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated...
Moderate | Unreviewed | CVE-2026-24309 was published Mar 10, 2026
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary...
Moderate | Unreviewed | CVE-2026-24313 was published Mar 10, 2026
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x...
Critical | Unreviewed | CVE-2025-11158 was published Mar 10, 2026
OneUptime has WhatsApp Resend Verification Authorization Bypass
Moderate | CVE-2026-30959 was published for @oneuptime/common (npm) Mar 10, 2026
OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover
Critical | CVE-2026-30956 was published for @oneuptime/common (npm) Mar 10, 2026
Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0...
Moderate | Unreviewed | CVE-2026-3638 was published Mar 9, 2026
SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren
High | CVE-2026-30926 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 9, 2026
Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization
Moderate | CVE-2026-30850 was published for parse-server (npm) Mar 9, 2026
OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
High | CVE-2026-30920 was published for @oneuptime/common (npm) Mar 9, 2026
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the...
Critical | Unreviewed | CVE-2025-41764 was published Mar 9, 2026
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the...
Critical | Unreviewed | CVE-2025-41765 was published Mar 9, 2026
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification...
Moderate | Unreviewed | CVE-2026-1650 was published Mar 7, 2026
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-2488 was published Mar 7, 2026
AVideo has Unauthenticated IDOR - Playlist Information Disclosure
Moderate | CVE-2026-30885 was published for wwbn/avideo (Composer) Mar 7, 2026
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure...
Moderate | Unreviewed | CVE-2026-2371 was published Mar 7, 2026
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-1981 was published Mar 7, 2026
Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
High | CVE-2026-30823 was published for flowise (npm) Mar 6, 2026
Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-28080 was published Mar 6, 2026
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF...
Critical | Unreviewed | CVE-2026-2446 was published Mar 6, 2026
Sensitive information disclosure and manipulation due to insufficient authorization checks. The...
Moderate | Unreviewed | CVE-2025-11791 was published Mar 6, 2026
OliveTin doesn't check view permission when returning dashboards
Moderate | CVE-2026-30233 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin...
High | Unreviewed | CVE-2026-1720 was published Mar 5, 2026
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege...
High | Unreviewed | CVE-2026-1321 was published Mar 5, 2026
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of...
Moderate | Unreviewed | CVE-2026-3072 was published Mar 5, 2026