Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

2,952 advisories

Loading
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
Incorrect Permission Checking for GraphQL Subscriptions Moderate
CVE-2023-38503 was published for directus (npm) Jul 25, 2023
madc
Credited to madc
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a... Moderate Unreviewed
CVE-2025-43904 was published Jan 16, 2026
Incus creates nftables rules that partially bypass security options High
CVE-2025-52890 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obp-anssi
Credited to obp-anssi
A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated... High Unreviewed
CVE-2026-0713 was published Jan 15, 2026
Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0... High Unreviewed
CVE-2025-66005 was published Jan 14, 2026
The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed
CVE-2025-15513 was published Jan 14, 2026
Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization... High Unreviewed
CVE-2026-21274 was published Jan 13, 2026
TYPO3 CMS Allows Broken Access Control in Edit Document Controller Moderate
CVE-2025-59020 was published for typo3/cms-backend (Composer) Jan 13, 2026
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in... Moderate Unreviewed
CVE-2026-0684 was published Jan 13, 2026
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated... High Unreviewed
CVE-2025-41078 was published Jan 12, 2026
Ghost has Staff Token permission bypass High
CVE-2026-22595 was published for ghost (npm) Jan 8, 2026
odgrso
Credited to odgrso
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to,... Moderate Unreviewed
CVE-2026-0831 was published Jan 10, 2026
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14943 was published Jan 10, 2026
### Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier... Low Unreviewed
CVE-2025-62487 was published Jan 10, 2026
The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-13753 was published Jan 9, 2026
Soft Serve is missing an authorization check in LFS lock deletion Moderate
CVE-2026-22253 was published for github.com/charmbracelet/soft-serve (Go) Jan 8, 2026
Tomer-PL
Credited to Tomer-PL
Kirby is missing permission checks in the content changes API Moderate
CVE-2026-21896 was published for getkirby/cms (Composer) Jan 8, 2026
lukaskleinschmidt
Credited to lukaskleinschmidt
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft... High Unreviewed
CVE-2026-22230 was published Jan 8, 2026
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function... Low Unreviewed
CVE-2025-15119 was published Dec 28, 2025
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed
CVE-2025-14352 was published Jan 7, 2026
Improper access checks in M-Files Server before 25.12 allows users to download files through M... Moderate Unreviewed
CVE-2025-14318 was published Dec 18, 2025
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that... High Unreviewed
CVE-2020-36920 was published Jan 6, 2026
it's possible for an attacker to gain administrative access without having any kind of account on... Critical Unreviewed
CVE-2024-6695 was published Jul 31, 2024
The allows any authenticated user to join a private group due to a missing authorization check... Moderate Unreviewed
CVE-2024-2231 was published Jul 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database