GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
47 advisories match the current filter (severity: Low); the 25 below are shown on this page. Entries without a package and ecosystem are unreviewed advisories; the others are GitHub-reviewed.
- When creating an export through the pretix API, API clients are returned a UUID value for their... (CVE-2026-9712; Low; unreviewed; published May 27, 2026)
- Authorization bypass in the entry duplication feature in Devolutions Server allows an... (CVE-2026-9248; Low; unreviewed; published May 26, 2026)
- Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express... (CVE-2026-8347; Low; unreviewed; published May 26, 2026)
- Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[]... (CVE-2026-7886; Low; unreviewed; published May 22, 2026)
- xxl-job Jobs Handler remove function allows improper control of resource identifiers via ID parameter (CVE-2025-9264; Low; GitHub-reviewed; com.xuxueli:xxl-job-admin, Maven; published Aug 21, 2025)
- xxl-job Vulnerable to Resource Injection and Authorization Bypass Through User-Controlled Key (CVE-2025-9263; Low; GitHub-reviewed; com.xuxueli:xxl-job-admin, Maven; published Aug 21, 2025)
- Authorization Bypass Through User-Controlled Key vulnerability in Molongui. This issue affects... (CVE-2024-30507; Low; unreviewed; published Mar 29, 2024)
- Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments –... (CVE-2023-46311; Low; unreviewed; published Dec 20, 2023)
- OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens (CVE-2026-35624; Low; GitHub-reviewed; openclaw, npm; published Mar 26, 2026)
- OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName (CVE-2026-35617; Low; GitHub-reviewed; openclaw, npm; published Mar 29, 2026)
- Fat Free CRM has BOLA in DELETE /emails/:id: any authenticated user can hit this endpoint and delete emails by ID (GHSA-9pm8-vwc5-w2hm; Low; GitHub-reviewed; fat_free_crm, RubyGems; published Apr 14, 2026)
- Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery... (CVE-2026-39510; Low; unreviewed; published Apr 8, 2026)
- The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode... (CVE-2024-1075; Low; unreviewed; published Feb 6, 2024)
- Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster (CVE-2026-5199; Low; GitHub-reviewed; go.temporal.io/server, Go; published Apr 1, 2026)
- Keycloak vulnerable to authorization bypass via the Admin API (CVE-2026-2366; Low; GitHub-reviewed; @keycloak/keycloak-admin-client, Maven; published Mar 12, 2026)
- Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories (CVE-2026-29071; Low; GitHub-reviewed; open-webui, pip; published Mar 27, 2026)
- Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata (GHSA-44px-qjjc-xrhq; Low; GitHub-reviewed; craftcms/cms, Composer; published Mar 26, 2026)
- Craft CMS may expose private assets through anonymous "generate transform" calls via transform URL (CVE-2026-33160; Low; GitHub-reviewed; craftcms/cms, Composer; published Mar 24, 2026)
- StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens (CVE-2026-32638; Low; GitHub-reviewed; studiocms, npm; published Mar 16, 2026)
- wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data (CVE-2026-27838; Low; GitHub-reviewed; wger, pip; published Feb 26, 2026)
- GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6,... (CVE-2025-14594; Low; unreviewed; published Feb 11, 2026)
- Chainlit contains an authorization bypass vulnerability (CVE-2025-68492; Low; GitHub-reviewed; chainlit, pip; published Jan 14, 2026)
- Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on... (CVE-2025-69274; Low; unreviewed; published Jan 12, 2026)
- The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a... (CVE-2025-12954; Low; unreviewed; published Dec 3, 2025)
- pretix has Broken Access Control Allowing Cross-User File Access via UUID (CVE-2025-14882; Low; GitHub-reviewed; pretix, pip; published Dec 19, 2025)
Advisories are also available from the GraphQL API.