GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,214 advisories
Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count
Moderate | GHSA-pj6q-4vq4-r8cg was published for github.com/lin-snow/Ech0 (Go) | May 7, 2026

Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation
Moderate | GHSA-rgj7-vg8v-j4wr was published for github.com/lin-snow/ech0 (Go) | May 7, 2026

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting...
Moderate | Unreviewed | CVE-2026-25436 was published | May 7, 2026

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-27416 was published | May 7, 2026

Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation...
Moderate | Unreviewed | CVE-2025-66105 was published | May 7, 2026

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up...
Moderate | Unreviewed | CVE-2026-6214 was published | May 7, 2026

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in...
Moderate | Unreviewed | CVE-2026-4807 was published | May 7, 2026

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up...
Moderate | Unreviewed | CVE-2026-6222 was published | May 7, 2026

Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
High | CVE-2026-42083 was published for github.com/free5gc/pcf (Go) | May 7, 2026

Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Critical | GHSA-9h64-2846-7x7f was published for github.com/getaxonflow/axonflow (Go) | May 6, 2026

Lemmy may expose private community data through community, saved, liked, and modlog API views
Moderate | GHSA-95q8-x6r6-672m was published for lemmy_api (Rust) | May 6, 2026

Private Lemmy instances expose multi-community metadata without authentication
Moderate | GHSA-jmxc-hhwx-gvv3 was published for lemmy_api (Rust) | May 6, 2026

kube-router: GoBGP gRPC Admin Port Exposed on Node Primary IP Without Authentication, Allowing Cluster-Wide BGP Route Injection
Moderate | GHSA-v5mh-h5hx-7v92 was published for github.com/cloudnativelabs/kube-router (Go) | May 6, 2026

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin...
Moderate | Unreviewed | CVE-2026-43579 was published | May 6, 2026

OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows...
Moderate | Unreviewed | CVE-2026-43580 was published | May 6, 2026

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass...
High | Unreviewed | CVE-2026-43577 was published | May 6, 2026

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in...
Critical | Unreviewed | CVE-2026-43575 was published | May 6, 2026

OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery...
Moderate | Unreviewed | CVE-2026-43583 was published | May 6, 2026

phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User
Moderate | GHSA-rm98-82fr-mcfx was published for phpmyfaq/phpmyfaq (Composer) | May 6, 2026

phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
Moderate | GHSA-7cx3-2qx2-3g6w was published for phpmyfaq/phpmyfaq (Composer) | May 6, 2026

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow...
Moderate | Unreviewed | CVE-2026-20189 was published | May 6, 2026

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated...
Moderate | Unreviewed | CVE-2026-20193 was published | May 6, 2026

Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure
High | CVE-2026-44012 was published for craftcms/cms (Composer) | May 6, 2026

Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure
High | CVE-2026-44010 was published for craftcms/cms (Composer) | May 6, 2026

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing...
Moderate | Unreviewed | CVE-2026-5753 was published | May 6, 2026

ProTip! Advisories are also available from the GraphQL API.