Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

4,774 advisories

Loading
The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and... Moderate Unreviewed
CVE-2026-3335 was published Mar 21, 2026
The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up... Moderate Unreviewed
CVE-2026-3651 was published Mar 21, 2026
The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in... Moderate Unreviewed
CVE-2026-3645 was published Mar 21, 2026
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all... Moderate Unreviewed
CVE-2026-3506 was published Mar 21, 2026
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions... Moderate Unreviewed
CVE-2026-3570 was published Mar 21, 2026
The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all... Moderate Unreviewed
CVE-2026-4127 was published Mar 21, 2026
The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee... Moderate Unreviewed
CVE-2026-2720 was published Mar 21, 2026
The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all... Moderate Unreviewed
CVE-2026-1935 was published Mar 21, 2026
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2026-1253 was published Mar 21, 2026
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2026-3567 was published Mar 21, 2026
AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin Moderate
CVE-2026-33501 was published for wwbn/avideo (Composer) Mar 20, 2026
restriction Credited to restriction
Ory Oathkeeper has an authentication bypass by usage of untrusted header Moderate
CVE-2026-33495 was published for github.com/ory/oathkeeper (Go) Mar 20, 2026
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to,... Moderate Unreviewed
CVE-2026-3550 was published Mar 20, 2026
Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to... Moderate Unreviewed
CVE-2026-26939 was published Mar 19, 2026
Missing Authorization vulnerability in UiPress UiPress lite allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2026-27091 was published Mar 19, 2026
The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary... Moderate Unreviewed
CVE-2026-3475 was published Mar 19, 2026
Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting... Moderate Unreviewed
CVE-2026-28070 was published Mar 19, 2026
Statamic is missing authorization check on taxonomy term creation via fieldtype Moderate
CVE-2026-33177 was published for statamic/cms (Composer) Mar 18, 2026
everythingBlackkk Credited to everythingBlackkk
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2026-2559 was published Mar 18, 2026
Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting... Moderate Unreviewed
CVE-2026-32565 was published Mar 18, 2026
Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite Moderate
CVE-2026-1217 was published for yoast/duplicate-post (Composer) Mar 18, 2026
ictbeheer Credited to ictbeheer
The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification... Moderate Unreviewed
CVE-2026-1926 was published Mar 18, 2026
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting... Moderate Unreviewed
CVE-2026-32586 was published Mar 17, 2026
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is... Moderate Unreviewed
CVE-2026-2373 was published Mar 17, 2026
Admidio is Missing Authorization on Forum Topic and Post Deletion Moderate
CVE-2026-32818 was published for admidio/admidio (Composer) Mar 16, 2026
restriction Credited to restriction
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database