GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
101 advisories
CVE-2026-42097 (Critical, Unreviewed, published May 19, 2026): Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the ...
CVE-2026-41947 (Critical, Unreviewed, published May 18, 2026): Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows...
CVE-2026-2347 (Critical, Unreviewed, published May 14, 2026): Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software...
CVE-2026-29204 (Critical, Unreviewed, published May 12, 2026): Insufficient ownership checks in `clientarea.php` allow an authenticated client area user to...
CVE-2026-29200 (Critical, Unreviewed, published May 4, 2026): A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20...
CVE-2026-24178 (Critical, Unreviewed, published Apr 28, 2026): NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication...
CVE-2018-25270 (Critical, Unreviewed, published Apr 22, 2026): ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated...
CVE-2026-5652 (Critical, Unreviewed, published Apr 21, 2026): An insecure direct object reference vulnerability in the Users API component of Crafty Controller...
CVE-2026-25197 (Critical, Unreviewed, published Apr 3, 2026): A specific endpoint allows authenticated users to pivot to other user profiles by modifying the...
CVE-2026-1496 (Critical, Unreviewed, published Mar 27, 2026): Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for...
CVE-2017-20223 (Critical, Unreviewed, published Mar 16, 2026): Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object...
CVE-2019-25487 (Critical, Unreviewed, published Mar 11, 2026): SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows...
CVE-2025-40541 (Critical, Unreviewed, published Feb 24, 2026): An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited,...
CVE-2026-1201 (Critical, Unreviewed, published Jan 23, 2026): An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home...
CVE-2026-24379 (Critical, Unreviewed, published Jan 22, 2026): Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp...
CVE-2025-15521 (Critical, Unreviewed, published Jan 21, 2026): The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is...
CVE-2025-40805 (Critical, Unreviewed, published Jan 13, 2026): Affected devices do not properly enforce user authentication on specific API endpoints. This...
CVE-2026-22234 (Critical, Unreviewed, published Jan 8, 2026): OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the ...
CVE-2025-15018 (Critical, Unreviewed, published Jan 7, 2026): The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account...
CVE-2025-15001 (Critical, Unreviewed, published Jan 6, 2026): The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via...
CVE-2025-14996 (Critical, Unreviewed, published Jan 6, 2026): The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to...
CVE-2025-14998 (Critical, Unreviewed, published Jan 2, 2026): The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all...
CVE-2023-53955 (Critical, Unreviewed, published Dec 23, 2025): SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability...
CVE-2025-10910 (Critical, Unreviewed, published Dec 18, 2025): A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to...
CVE-2023-53914 (Critical, Unreviewed, published Dec 18, 2025): UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated...
ProTip! Advisories are also available from the GraphQL API.