GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
363 advisories
Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference...
High | Unreviewed | CVE-2026-9493 was published May 29, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18...
High | Unreviewed | CVE-2026-4868 was published May 27, 2026

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate...
High | Unreviewed | CVE-2026-38807 was published May 27, 2026

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
High | Unreviewed | CVE-2026-42736 was published May 27, 2026

code100x contains an authentication bypass vulnerability in the Mobile API that allows...
High | Unreviewed | CVE-2026-8890 was published May 26, 2026

Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM)...
High | Unreviewed | CVE-2026-35430 was published May 26, 2026

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14...
High | Unreviewed | CVE-2026-3473 was published May 26, 2026

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
High | Unreviewed | CVE-2026-8679 was published May 22, 2026

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and...
High | Unreviewed | CVE-2025-13479 was published May 21, 2026

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action...
High | Unreviewed | CVE-2026-9136 was published May 20, 2026

Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview...
High | Unreviewed | CVE-2026-41949 was published May 18, 2026

Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with...
High | Unreviewed | CVE-2026-8629 was published May 14, 2026

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology...
High | Unreviewed | CVE-2025-15025 was published May 14, 2026

Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and...
High | Unreviewed | CVE-2025-12008 was published May 14, 2026

Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘...
High | Unreviewed | CVE-2026-5798 was published May 14, 2026

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin...
High | Unreviewed | CVE-2026-5395 was published May 14, 2026

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User...
High | Unreviewed | CVE-2026-5396 was published May 14, 2026

Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS...
High | Unreviewed | CVE-2026-6001 was published May 12, 2026

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object...
High | Unreviewed | CVE-2026-38568 was published May 11, 2026

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege...
High | Unreviewed | CVE-2026-33356 was published May 11, 2026

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability...
High | Unreviewed | CVE-2026-44400 was published May 8, 2026

Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information...
High | Unreviewed | CVE-2026-41471 was published May 4, 2026

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible...
High | Unreviewed | CVE-2026-2554 was published May 2, 2026

School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing...
High | Unreviewed | CVE-2026-7491 was published May 2, 2026

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view...
High | Unreviewed | CVE-2026-4503 was published Apr 30, 2026
ProTip! Advisories are also available from the GraphQL API.