GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
544 advisories
Filter by severity
A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical...
Moderate
Unreviewed
CVE-2026-36028
was published
Jul 8, 2026
MicroRealEstate allows adversaries to bypass authentication due to a lack of token state...
High
Unreviewed
CVE-2026-57867
was published
Jul 7, 2026
An authentication bypass vulnerability exists in
the default SFTP server component utilized...
Critical
Unreviewed
CVE-2026-5268
was published
Jul 6, 2026
In multi-tenanted deployments, the application consent management mechanism fails to correctly...
Low
Unreviewed
CVE-2025-13475
was published
Jul 4, 2026
Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
High
CVE-2026-50194
was published
for
Steeltoe.Management.Endpoint
(NuGet)
Jul 2, 2026
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki ...
Moderate
Unreviewed
CVE-2026-58517
was published
Jul 1, 2026
AS228T with Authentication Bypass Vulnerability
High
Unreviewed
CVE-2026-12579
was published
Jul 1, 2026
In Modem, there is a possible information disclosure due to improper input validation. This could...
Moderate
Unreviewed
CVE-2026-20460
was published
Jul 1, 2026
In Modem, there is a possible system crash due to improper input validation. This could lead to...
Moderate
Unreviewed
CVE-2026-20459
was published
Jul 1, 2026
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability...
Critical
Unreviewed
CVE-2026-58172
was published
Jun 30, 2026
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
High
Unreviewed
CVE-2026-56029
was published
Jun 26, 2026
Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS...
High
Unreviewed
CVE-2026-56243
was published
Jun 23, 2026
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows...
High
Unreviewed
CVE-2020-37255
was published
Jun 20, 2026
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass...
Critical
Unreviewed
CVE-2019-25763
was published
Jun 20, 2026
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
High
GHSA-4qq2-2j2x-x62c
was published
for
praisonai
(npm)
Jun 18, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API...
Moderate
Unreviewed
CVE-2026-54817
was published
Jun 17, 2026
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
High
Unreviewed
CVE-2026-54804
was published
Jun 17, 2026
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Critical
Unreviewed
CVE-2026-49767
was published
Jun 17, 2026
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
Moderate
Unreviewed
CVE-2026-49071
was published
Jun 17, 2026
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
High
Unreviewed
CVE-2026-42629
was published
Jun 17, 2026
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
High
Unreviewed
CVE-2026-25439
was published
Jun 17, 2026
Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
High
CVE-2026-53622
was published
for
Traefik
(Go)
Jun 16, 2026
Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
High
CVE-2026-48491
was published
for
Traefik
(Go)
Jun 16, 2026
syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an...
High
Unreviewed
CVE-2026-12225
was published
Jun 16, 2026
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
High
Unreviewed
CVE-2026-48970
was published
Jun 15, 2026
ProTip!
Advisories are also available from the
GraphQL API