GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,660 advisories
Filter by severity
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46...
Moderate
Unreviewed
CVE-2026-57630
was published
Jun 26, 2026
Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and...
Moderate
Unreviewed
CVE-2026-56048
was published
Jun 26, 2026
Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone...
High
Unreviewed
CVE-2026-54839
was published
Jun 26, 2026
Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.
High
Unreviewed
CVE-2026-54826
was published
Jun 26, 2026
Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.
Moderate
Unreviewed
CVE-2025-66123
was published
Jun 26, 2026
Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
Critical
CVE-2026-55166
was published
for
lemur
(pip)
Jun 25, 2026
Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to...
Moderate
Unreviewed
CVE-2026-56774
was published
Jun 25, 2026
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated...
Moderate
Unreviewed
CVE-2026-56772
was published
Jun 25, 2026
A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild()...
High
Unreviewed
CVE-2026-9099
was published
Jun 25, 2026
A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed...
Moderate
Unreviewed
CVE-2026-9799
was published
Jun 25, 2026
OpenAM Arbitrary OAuth Token Minting via Push Registration
High
CVE-2026-46498
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jun 25, 2026
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3...
Moderate
Unreviewed
CVE-2026-56013
was published
Jun 25, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0...
Moderate
Unreviewed
CVE-2026-5309
was published
Jun 25, 2026
Snipe-IT has Multi-Tenancy Bypass via Bulk Asset Update
Moderate
CVE-2026-55482
was published
for
snipe/snipe-it
(Composer)
Jun 23, 2026
OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the...
High
Unreviewed
CVE-2026-56120
was published
Jun 23, 2026
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness...
High
Unreviewed
CVE-2025-62180
was published
Jun 23, 2026
Gogs: LFS dedupe path leaks private repo content across tenants
High
CVE-2026-52812
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in...
High
Unreviewed
CVE-2026-56784
was published
Jun 23, 2026
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private...
High
Unreviewed
CVE-2026-56222
was published
Jun 23, 2026
Gogs Missing Authorization in Attachment Download
High
CVE-2026-52799
was published
for
gogs.io/gogs
(Go)
Jun 22, 2026
Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17...
Moderate
Unreviewed
CVE-2026-6062
was published
Jun 22, 2026
MISP core contained multiple broken access-control flaws where authorization checks were...
High
Unreviewed
CVE-2026-56424
was published
Jun 22, 2026
Multiple MISP core controllers and model capture paths accepted client-controlled request fields...
Critical
Unreviewed
CVE-2026-56422
was published
Jun 22, 2026
Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization...
Moderate
Unreviewed
CVE-2026-56385
was published
Jun 21, 2026
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and ...
High
Unreviewed
CVE-2026-56229
was published
Jun 21, 2026
ProTip!
Advisories are also available from the
GraphQL API