GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
405 advisories
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized...
Critical | Unreviewed | CVE-2026-33109 was published May 8, 2026
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically...
Critical | Unreviewed | CVE-2026-5779 was published Apr 28, 2026
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24303 was published Apr 24, 2026
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical | Unreviewed | CVE-2026-34287 was published Apr 21, 2026
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi...
Critical | Unreviewed | CVE-2026-22564 was published Apr 14, 2026
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can...
Critical | Unreviewed | CVE-2026-31282 was published Apr 13, 2026
MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org...
Critical | Unreviewed | CVE-2026-31272 was published Apr 7, 2026
In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper...
Critical | Unreviewed | CVE-2026-1114 was published Apr 7, 2026
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow...
Critical | Unreviewed | CVE-2026-35616 was published Apr 4, 2026
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6...
Critical | Unreviewed | CVE-2021-4477 was published Apr 4, 2026
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2026-2699 was published Apr 2, 2026
An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio...
Critical | Unreviewed | CVE-2026-0898 was published Mar 23, 2026
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product...
Critical | Unreviewed | CVE-2026-21994 was published Mar 18, 2026
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21667 was published Mar 12, 2026
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21666 was published Mar 12, 2026
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0...
Critical | Unreviewed | CVE-2025-66956 was published Mar 11, 2026
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148 and...
Critical | Unreviewed | CVE-2026-2768 was published Feb 24, 2026
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests...
Critical | Unreviewed | CVE-2026-21627 was published Feb 20, 2026
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker...
Critical | Unreviewed | CVE-2025-69634 was published Feb 12, 2026
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft...
Critical | Unreviewed | CVE-2025-8025 was published Feb 11, 2026
Azure Front Door Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2026-24300 was published Feb 6, 2026
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the...
Critical | Unreviewed | CVE-2025-68721 was published Feb 5, 2026
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with...
Critical | Unreviewed | CVE-2025-70982 was published Jan 26, 2026
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to...
Critical | Unreviewed | CVE-2025-70985 was published Jan 23, 2026
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with...
Critical | Unreviewed | CVE-2025-70983 was published Jan 23, 2026
ProTip! Advisories are also available from the GraphQL API.