GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,948
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,383
Swift: 56
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,174 advisories
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows...
Moderate | Unreviewed | CVE-2024-13063 was published Jun 1, 2026

The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched...
Moderate | Unreviewed | CVE-2026-46764 was published Jun 1, 2026

A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/...
Unknown | Unreviewed | CVE-2026-41084 was published Jun 1, 2026

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of...
Moderate | Unreviewed | CVE-2026-49386 was published May 29, 2026

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference...
High | Unreviewed | CVE-2026-9493 was published May 29, 2026

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction,...
Moderate | Unreviewed | CVE-2026-7651 was published May 28, 2026

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Moderate | Unreviewed | CVE-2026-3173 was published May 28, 2026

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure...
Moderate | Unreviewed | CVE-2026-9228 was published May 28, 2026

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-9241 was published May 28, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18...
High | Unreviewed | CVE-2026-4868 was published May 27, 2026

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate...
High | Unreviewed | CVE-2026-38807 was published May 27, 2026

When creating an export through the pretix API, API clients are returned an UUID value for their...
Low | Unreviewed | CVE-2026-9712 was published May 27, 2026

Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload...
Moderate | Unreviewed | CVE-2026-42725 was published May 27, 2026

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
High | Unreviewed | CVE-2026-42736 was published May 27, 2026

code100x contains an authentication bypass vulnerability in the Mobile API that allows...
High | Unreviewed | CVE-2026-8890 was published May 26, 2026

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace...
Moderate | Unreviewed | CVE-2026-38587 was published May 26, 2026

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key...
Moderate | Unreviewed | CVE-2026-40127 was published May 26, 2026

Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM)...
High | Unreviewed | CVE-2026-35430 was published May 26, 2026

Authorization bypass in the entry duplication feature in Devolutions Server allows an...
Low | Unreviewed | CVE-2026-9248 was published May 26, 2026

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express...
Low | Unreviewed | CVE-2026-8347 was published May 26, 2026

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14...
High | Unreviewed | CVE-2026-3473 was published May 26, 2026

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
High | Unreviewed | CVE-2026-8679 was published May 22, 2026

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express...
Moderate | Unreviewed | CVE-2026-7881 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[]...
Low | Unreviewed | CVE-2026-7886 was published May 22, 2026

Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend...
Moderate | Unreviewed | CVE-2026-8204 was published May 21, 2026
ProTip! Advisories are also available from the GraphQL API.