GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,092
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,414
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
7,677 advisories
Gogs Missing Authorization in Attachment Download
High. CVE-2026-52799 was published for gogs.io/gogs (Go), Jun 22, 2026

Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
High. CVE-2026-50137 was published for @budibase/server (npm), Jun 22, 2026

Paymenter has broken object level authorization via service reference manipulation on ticket creation
Moderate. CVE-2026-44585 was published for paymenter/paymenter (Composer), Jun 22, 2026

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated...
Critical, Unreviewed. CVE-2026-56104 was published Jun 22, 2026

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine...
Moderate, Unreviewed. CVE-2026-8934 was published Jun 22, 2026

AVideo's Privilege Escalation via Unguarded Permission Parameters in signUp API Allows Self-Granting Upload/Stream/Meet Permissions
Moderate. CVE-2026-33684 was published for wwbn/avideo (Composer), Jun 22, 2026

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17...
Moderate, Unreviewed. CVE-2026-5139 was published Jun 22, 2026

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and...
Critical, Unreviewed. CVE-2026-56423 was published Jun 22, 2026

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that...
High, Unreviewed. CVE-2026-44914 was published Jun 22, 2026

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on...
Moderate, Unreviewed. CVE-2026-7859 was published Jun 22, 2026

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and...
High, Unreviewed. CVE-2026-56396 was published Jun 21, 2026

Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A...
Moderate, Unreviewed. CVE-2026-56384 was published Jun 21, 2026

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment...
High, Unreviewed. CVE-2026-56341 was published Jun 20, 2026

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a...
Moderate, Unreviewed. CVE-2026-12119 was published Jun 20, 2026

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to...
High, Unreviewed. CVE-2026-11912 was published Jun 20, 2026

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public...
Moderate, Unreviewed. CVE-2026-56213 was published Jun 20, 2026

Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions
Moderate. GHSA-mxjx-28vx-xjjj was published for network-ai (npm), Jun 19, 2026

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
Critical, Unreviewed. CVE-2026-48582 was published Jun 19, 2026

The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization...
Moderate, Unreviewed. CVE-2026-12238 was published Jun 19, 2026

AlchemyCMS: Unauthenticated nested page API leaks restricted & unpublished content
High. GHSA-mqq5-j7w8-2hgh was published for alchemy_cms (RubyGems), Jun 19, 2026

DotVVM: Missing authorization in AuthorizeActionFilter
Critical. GHSA-c8qj-jx8j-fg2w was published for DotVVM (NuGet), Jun 19, 2026

NL Portal Backend Libraries: Unauthenticated form resolver forwards the privileged Objecten-API token to a caller-supplied URL (SSRF)
Moderate. CVE-2026-55414 was published for nl.nl-portal:form (Maven), Jun 19, 2026

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2026-6798 was published Jun 19, 2026

The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in...
Moderate, Unreviewed. CVE-2026-3640 was published Jun 19, 2026

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up...
Moderate, Unreviewed. CVE-2026-9013 was published Jun 19, 2026

ProTip! Advisories are also available from the GraphQL API