GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
534 advisories
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
High | Unreviewed | CVE-2026-56029 was published Jun 26, 2026

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS...
High | Unreviewed | CVE-2026-56243 was published Jun 23, 2026

WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows...
High | Unreviewed | CVE-2020-37255 was published Jun 20, 2026

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass...
Critical | Unreviewed | CVE-2019-25763 was published Jun 20, 2026

npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
High | GHSA-4qq2-2j2x-x62c was published for praisonai (npm) Jun 18, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API...
Moderate | Unreviewed | CVE-2026-54817 was published Jun 17, 2026

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
High | Unreviewed | CVE-2026-54804 was published Jun 17, 2026

Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
Moderate | Unreviewed | CVE-2026-49071 was published Jun 17, 2026

Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Critical | Unreviewed | CVE-2026-49767 was published Jun 17, 2026

Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
High | Unreviewed | CVE-2026-42629 was published Jun 17, 2026

Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
High | Unreviewed | CVE-2026-25439 was published Jun 17, 2026

Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
High | CVE-2026-53622 was published for Traefik (Go) Jun 16, 2026

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
High | CVE-2026-48491 was published for Traefik (Go) Jun 16, 2026

syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an...
High | Unreviewed | CVE-2026-12225 was published Jun 16, 2026

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
High | Unreviewed | CVE-2026-48970 was published Jun 15, 2026

Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
Critical | Unreviewed | CVE-2026-49764 was published Jun 15, 2026

Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
High | Unreviewed | CVE-2026-42411 was published Jun 15, 2026

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0...
High | Unreviewed | CVE-2026-42668 was published Jun 15, 2026

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
Moderate | Unreviewed | CVE-2026-42378 was published Jun 15, 2026

Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
Moderate | Unreviewed | CVE-2026-40790 was published Jun 15, 2026

Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
High | Unreviewed | CVE-2026-40785 was published Jun 15, 2026

Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
High | Unreviewed | CVE-2026-40781 was published Jun 15, 2026

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
Moderate | Unreviewed | CVE-2026-40799 was published Jun 15, 2026

Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
High | Unreviewed | CVE-2026-39450 was published Jun 15, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js...
High | Unreviewed | CVE-2026-49062 was published Jun 15, 2026