GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,652 advisories
Filter by severity
n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users...
Moderate
Unreviewed
CVE-2026-59253
was published
Jul 8, 2026
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User...
Moderate
Unreviewed
CVE-2026-5459
was published
Jul 8, 2026
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is...
High
Unreviewed
CVE-2026-3688
was published
Jul 8, 2026
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
Critical
CVE-2026-53552
was published
for
github.com/zhenorzz/goploy
(Go)
Jul 7, 2026
@better-auth/scim: Account/provider takeover via missing owner binding on non-org SCIM providers
High
GHSA-j8v8-g9cx-5qf4
was published
for
@better-auth/scim
(npm)
Jul 7, 2026
EGroupware has a Remote Code Execution Vulnerability
Critical
CVE-2026-27823
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2026
Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other...
Moderate
Unreviewed
CVE-2026-49296
was published
Jul 7, 2026
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting...
High
Unreviewed
CVE-2026-5799
was published
Jul 7, 2026
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting...
High
Unreviewed
CVE-2026-5730
was published
Jul 7, 2026
MicroRealEstate is affected by broken object-level access controls in PDF generator functionality...
High
Unreviewed
CVE-2026-57868
was published
Jul 7, 2026
Broken object-level access controls and the use of a deterministic pattern during random ID...
High
Unreviewed
CVE-2026-57869
was published
Jul 7, 2026
Broken object-level access control on the Template API in MicroRealEstate allows attackers to...
Moderate
Unreviewed
CVE-2026-57870
was published
Jul 7, 2026
Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing...
High
Unreviewed
CVE-2026-59712
was published
Jul 6, 2026
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
High
CVE-2026-55429
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
OpenRemote has Cross-Realm User Information Disclosure in UserResourceImpl
High
CVE-2026-54641
was published
for
io.openremote:openremote-manager
(Maven)
Jul 6, 2026
An authenticated user could manipulate a company ID parameter in a POST request to the backend to...
Critical
Unreviewed
CVE-2026-12686
was published
Jul 6, 2026
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in...
Moderate
Unreviewed
CVE-2026-46453
was published
Jul 6, 2026
Gitea versions before 1.25.5 allow a user to change another user's primary email address.
High
Unreviewed
CVE-2026-27657
was published
Jul 3, 2026
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup...
Moderate
Unreviewed
CVE-2026-25782
was published
Jul 3, 2026
Authorization Bypass Through User-Controlled Key (CWE-639) in CalendarDeleteEventController (app...
Moderate
Unreviewed
CVE-2026-59234
was published
Jul 3, 2026
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct...
Moderate
Unreviewed
CVE-2026-11900
was published
Jul 3, 2026
The MotoPress Appointment Booking plugin for WordPress is vulnerable to Authorization Bypass...
Moderate
Unreviewed
CVE-2026-9180
was published
Jul 3, 2026
LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows...
Low
Unreviewed
CVE-2026-59100
was published
Jul 2, 2026
LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented...
High
Unreviewed
CVE-2026-59098
was published
Jul 2, 2026
LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level...
Moderate
Unreviewed
CVE-2026-58580
was published
Jul 2, 2026
ProTip!
Advisories are also available from the
GraphQL API