GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
472 advisories
Filter by severity
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
Critical
Unreviewed
CVE-2026-57807
was published
Jul 10, 2026
A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical...
Moderate
Unreviewed
CVE-2026-36028
was published
Jul 8, 2026
MicroRealEstate allows adversaries to bypass authentication due to a lack of token state...
High
Unreviewed
CVE-2026-57867
was published
Jul 7, 2026
An authentication bypass vulnerability exists in
the default SFTP server component utilized...
Critical
Unreviewed
CVE-2026-5268
was published
Jul 6, 2026
In multi-tenanted deployments, the application consent management mechanism fails to correctly...
Low
Unreviewed
CVE-2025-13475
was published
Jul 4, 2026
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki ...
Moderate
Unreviewed
CVE-2026-58517
was published
Jul 1, 2026
AS228T with Authentication Bypass Vulnerability
High
Unreviewed
CVE-2026-12579
was published
Jul 1, 2026
In Modem, there is a possible information disclosure due to improper input validation. This could...
Moderate
Unreviewed
CVE-2026-20460
was published
Jul 1, 2026
In Modem, there is a possible system crash due to improper input validation. This could lead to...
Moderate
Unreviewed
CVE-2026-20459
was published
Jul 1, 2026
Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability...
Critical
Unreviewed
CVE-2026-58172
was published
Jun 30, 2026
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.
High
Unreviewed
CVE-2026-56029
was published
Jun 26, 2026
Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS...
High
Unreviewed
CVE-2026-56243
was published
Jun 23, 2026
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows...
High
Unreviewed
CVE-2020-37255
was published
Jun 20, 2026
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass...
Critical
Unreviewed
CVE-2019-25763
was published
Jun 20, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API...
Moderate
Unreviewed
CVE-2026-54817
was published
Jun 17, 2026
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
High
Unreviewed
CVE-2026-54804
was published
Jun 17, 2026
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Critical
Unreviewed
CVE-2026-49767
was published
Jun 17, 2026
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
Moderate
Unreviewed
CVE-2026-49071
was published
Jun 17, 2026
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
High
Unreviewed
CVE-2026-42629
was published
Jun 17, 2026
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
High
Unreviewed
CVE-2026-25439
was published
Jun 17, 2026
syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an...
High
Unreviewed
CVE-2026-12225
was published
Jun 16, 2026
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
High
Unreviewed
CVE-2026-48970
was published
Jun 15, 2026
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
Critical
Unreviewed
CVE-2026-49764
was published
Jun 15, 2026
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0...
High
Unreviewed
CVE-2026-42668
was published
Jun 15, 2026
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
High
Unreviewed
CVE-2026-42411
was published
Jun 15, 2026
ProTip!
Advisories are also available from the
GraphQL API