Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

544 advisories

Loading
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. Critical Unreviewed
CVE-2026-49764 was published Jun 15, 2026
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions. High Unreviewed
CVE-2026-42411 was published Jun 15, 2026
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions. Moderate Unreviewed
CVE-2026-40799 was published Jun 15, 2026
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. High Unreviewed
CVE-2026-40781 was published Jun 15, 2026
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions. Moderate Unreviewed
CVE-2026-42378 was published Jun 15, 2026
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions. High Unreviewed
CVE-2026-40785 was published Jun 15, 2026
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions. Moderate Unreviewed
CVE-2026-40790 was published Jun 15, 2026
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions. High Unreviewed
CVE-2026-39450 was published Jun 15, 2026
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization High
CVE-2026-48020 was published for github.com/traefik/traefik/v2 (Go) Jun 11, 2026
H4ck2 Credited to H4ck2
Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` Moderate
CVE-2026-47200 was published for @nuxt/nitro-server (npm) May 29, 2026
rmtsixq Credited to rmtsixq
In Slican telephone exchanges it is possible to manage the control panel remotely. An... Critical Unreviewed
CVE-2026-35090 was published May 27, 2026
ProTip! Advisories are also available from the GraphQL API