GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,431 advisories
In Soft Serve, an authenticated repo import can clone server-local private repositories
High | CVE-2026-33353 was published for github.com/charmbracelet/soft-serve (Go) | Mar 19, 2026

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows...
High | Unreviewed | CVE-2026-25443 was published | Mar 19, 2026

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access...
High | Unreviewed | CVE-2026-25312 was published | Mar 19, 2026

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2026-2992 was published | Mar 18, 2026

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before...
High | Unreviewed | CVE-2026-4064 was published | Mar 17, 2026

Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
High | CVE-2026-30911 was published for apache-airflow (pip) | Mar 17, 2026

Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability
High | CVE-2026-32268 was published for craftcms/azure-blob (Composer) | Mar 16, 2026

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and...
High | Unreviewed | CVE-2026-25083 was published | Mar 16, 2026

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is...
High | Unreviewed | CVE-2026-3045 was published | Mar 13, 2026

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all...
High | Unreviewed | CVE-2026-2890 was published | Mar 13, 2026

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows...
High | Unreviewed | CVE-2026-22182 was published | Mar 13, 2026

Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes
High | CVE-2026-31800 was published for parse-server (npm) | Mar 11, 2026

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism...
High | Unreviewed | CVE-2026-26741 was published | Mar 10, 2026

PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re...
High | Unreviewed | CVE-2026-26742 was published | Mar 10, 2026

SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren
High | CVE-2026-30926 was published for github.com/siyuan-note/siyuan/kernel (Go) | Mar 9, 2026

OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
High | CVE-2026-30920 was published for @oneuptime/common (npm) | Mar 9, 2026

Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
High | CVE-2026-30823 was published for flowise (npm) | Mar 6, 2026

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin...
High | Unreviewed | CVE-2026-1720 was published | Mar 5, 2026

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege...
High | Unreviewed | CVE-2026-1321 was published | Mar 5, 2026

Missing Authorization vulnerability in Frenify Guff guff allows Exploiting Incorrectly Configured...
High | Unreviewed | CVE-2026-28076 was published | Mar 5, 2026

Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive...
High | Unreviewed | CVE-2026-27361 was published | Mar 5, 2026

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting...
High | Unreviewed | CVE-2026-27396 was published | Mar 5, 2026

Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes...
High | Unreviewed | CVE-2026-27386 was published | Mar 5, 2026

Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes...
High | Unreviewed | CVE-2026-27388 was published | Mar 5, 2026

Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order...
High | Unreviewed | CVE-2026-27374 was published | Mar 5, 2026