GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,047 advisories
Filter by severity
A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code...
Low
Unreviewed
CVE-2026-15191
was published
Jul 9, 2026
Note Mark: Unauthenticated disclosure of soft-deleted note metadata via deleted=true on public books
Moderate
CVE-2026-50554
was published
for
github.com/enchant97/note-mark/backend
(Go)
Jul 9, 2026
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
Moderate
CVE-2026-49463
was published
for
nl.nl-portal:besluiten
(Maven)
Jul 8, 2026
A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function...
Low
Unreviewed
CVE-2026-15036
was published
Jul 8, 2026
Capgo before 12.128.2 contains a broken access control vulnerability in the organization...
High
Unreviewed
CVE-2026-56246
was published
Jul 8, 2026
Capgo before 12.128.2 contains an authorization flaw in transfer_app() that fails to update...
Moderate
Unreviewed
CVE-2026-56293
was published
Jul 8, 2026
@better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators
Moderate
GHSA-p2fr-6hmx-4528
was published
for
@better-auth/oauth-provider
(npm)
Jul 7, 2026
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
High
CVE-2026-55428
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
Coder: User-admin role can reset owner account password
High
CVE-2026-55077
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function...
Moderate
Unreviewed
CVE-2026-14793
was published
Jul 6, 2026
A vulnerability was detected in mjperpinosa stumasy up to...
Moderate
Unreviewed
CVE-2026-14753
was published
Jul 5, 2026
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2....
Low
Unreviewed
CVE-2026-14716
was published
Jul 5, 2026
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to...
High
Unreviewed
CVE-2026-58284
was published
Jul 3, 2026
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to...
High
Unreviewed
CVE-2026-57983
was published
Jul 3, 2026
A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI...
Low
Unreviewed
CVE-2026-14608
was published
Jul 3, 2026
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission
Moderate
CVE-2026-50201
was published
for
Steeltoe.Management.Endpoint
(NuGet)
Jul 2, 2026
Froxlor customer can create MySQL databases on disallowed servers via Mysqls.add API
Moderate
GHSA-q4rm-m6xh-5pv7
was published
for
froxlor/froxlor
(Composer)
Jul 2, 2026
Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap
High
CVE-2026-50279
was published
for
craftcms/cms
(Composer)
Jul 2, 2026
SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted
Moderate
CVE-2026-49997
was published
for
surrealdb
(Rust)
Jul 1, 2026
SurrealDB: `RELATE` overwrites existing edge records without `UPDATE` permission
Moderate
GHSA-f82j-v89j-mf86
was published
for
surrealdb
(Rust)
Jul 1, 2026
Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts...
High
Unreviewed
CVE-2026-56320
was published
Jul 1, 2026
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation...
High
Unreviewed
CVE-2026-56249
was published
Jul 1, 2026
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users...
Moderate
Unreviewed
CVE-2026-56350
was published
Jul 1, 2026
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected...
Critical
Unreviewed
CVE-2026-7663
was published
Jun 30, 2026
Improper Authorization vulnerability in Apache ActiveMQ.
An authenticated low-privilege Web...
High
Unreviewed
CVE-2026-49877
was published
Jun 30, 2026
ProTip!
Advisories are also available from the
GraphQL API