Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

4,765 advisories

Loading
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2026-3567 was published Mar 21, 2026
AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin Moderate
CVE-2026-33501 was published for wwbn/avideo (Composer) Mar 20, 2026
restriction Credited to restriction
Ory Oathkeeper has an authentication bypass by usage of untrusted header Moderate
CVE-2026-33495 was published for github.com/ory/oathkeeper (Go) Mar 20, 2026
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to,... Moderate Unreviewed
CVE-2026-3550 was published Mar 20, 2026
Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to... Moderate Unreviewed
CVE-2026-26939 was published Mar 19, 2026
Missing Authorization vulnerability in UiPress UiPress lite allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2026-27091 was published Mar 19, 2026
The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary... Moderate Unreviewed
CVE-2026-3475 was published Mar 19, 2026
Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting... Moderate Unreviewed
CVE-2026-28070 was published Mar 19, 2026
Statamic is missing authorization check on taxonomy term creation via fieldtype Moderate
CVE-2026-33177 was published for statamic/cms (Composer) Mar 18, 2026
everythingBlackkk Credited to everythingBlackkk
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2026-2559 was published Mar 18, 2026
Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite Moderate
CVE-2026-1217 was published for yoast/duplicate-post (Composer) Mar 18, 2026
ictbeheer Credited to ictbeheer
Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting... Moderate Unreviewed
CVE-2026-32565 was published Mar 18, 2026
The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification... Moderate Unreviewed
CVE-2026-1926 was published Mar 18, 2026
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting... Moderate Unreviewed
CVE-2026-32586 was published Mar 17, 2026
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is... Moderate Unreviewed
CVE-2026-2373 was published Mar 17, 2026
Admidio is Missing Authorization on Forum Topic and Post Deletion Moderate
CVE-2026-32818 was published for admidio/admidio (Composer) Mar 16, 2026
restriction Credited to restriction
Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2026-32587 was published Mar 16, 2026
Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting... Moderate Unreviewed
CVE-2026-32583 was published Mar 16, 2026
Mattermost allows a removed team member to enumerate all public channels within a private team Moderate
CVE-2026-2458 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
Mattermost fails to filter invite IDs based on user permissions Moderate
CVE-2026-2463 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User... Moderate Unreviewed
CVE-2026-2233 was published Mar 16, 2026
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is... Moderate Unreviewed
CVE-2026-1870 was published Mar 16, 2026
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2026-1948 was published Mar 16, 2026
Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl... Moderate Unreviewed
CVE-2026-32461 was published Mar 13, 2026
Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows... Moderate Unreviewed
CVE-2026-32487 was published Mar 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database