GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
275 advisories
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to...
Critical, Unreviewed. CVE-2026-4038 was published Mar 20, 2026

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x...
Critical, Unreviewed. CVE-2025-11158 was published Mar 10, 2026

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the...
Critical, Unreviewed. CVE-2025-41764 was published Mar 9, 2026

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the...
Critical, Unreviewed. CVE-2025-41765 was published Mar 9, 2026

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF...
Critical, Unreviewed. CVE-2026-2446 was published Mar 6, 2026

On SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection...
Critical, Unreviewed. CVE-2026-3431 was published Mar 2, 2026

On SimStudio versions below 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path...
Critical, Unreviewed. CVE-2026-3432 was published Mar 2, 2026

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability...
Critical, Unreviewed. CVE-2026-28515 was published Feb 28, 2026

Sensitive data disclosure and manipulation due to missing authorization. The following products...
Critical, Unreviewed. CVE-2025-30416 was published Feb 20, 2026

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in...
Critical, Unreviewed. CVE-2025-70150 was published Feb 18, 2026

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized...
Critical, Unreviewed. CVE-2026-1937 was published Feb 18, 2026

An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a...
Critical, Unreviewed. CVE-2026-0488 was published Feb 10, 2026

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged...
Critical, Unreviewed. CVE-2026-0509 was published Feb 10, 2026

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary...
Critical, Unreviewed. CVE-2026-1499 was published Feb 6, 2026

Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly...
Critical, Unreviewed. CVE-2025-58210 was published Jan 28, 2026

Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything...
Critical, Unreviewed. CVE-2026-24371 was published Jan 22, 2026

Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number...
Critical, Unreviewed. CVE-2025-69052 was published Jan 22, 2026

Missing Authorization vulnerability in ilmosys Order Listener for WooCommerce woc-order-alert...
Critical, Unreviewed. CVE-2025-68018 was published Jan 22, 2026

Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash...
Critical, Unreviewed. CVE-2025-62754 was published Jan 22, 2026

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write...
Critical, Unreviewed. CVE-2021-47812 was published Jan 16, 2026

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to...
Critical, Unreviewed. CVE-2025-14741 was published Jan 9, 2026

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache...
Critical, Unreviewed. CVE-2025-67913 was published Jan 8, 2026

Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not...
Critical, Unreviewed. CVE-2025-14360 was published Jan 8, 2026

Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing...
Critical, Unreviewed. CVE-2025-14358 was published Jan 8, 2026

Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly...
Critical, Unreviewed. CVE-2025-39477 was published Jan 6, 2026
ProTip! Advisories are also available from the GraphQL API.