GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
920 advisories
Filter by severity
n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users...
Moderate
Unreviewed
CVE-2026-59253
was published
Jul 8, 2026
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User...
Moderate
Unreviewed
CVE-2026-5459
was published
Jul 8, 2026
Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other...
Moderate
Unreviewed
CVE-2026-49296
was published
Jul 7, 2026
Broken object-level access control on the Template API in MicroRealEstate allows attackers to...
Moderate
Unreviewed
CVE-2026-57870
was published
Jul 7, 2026
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in...
Moderate
Unreviewed
CVE-2026-46453
was published
Jul 6, 2026
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup...
Moderate
Unreviewed
CVE-2026-25782
was published
Jul 3, 2026
Authorization Bypass Through User-Controlled Key (CWE-639) in CalendarDeleteEventController (app...
Moderate
Unreviewed
CVE-2026-59234
was published
Jul 3, 2026
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct...
Moderate
Unreviewed
CVE-2026-11900
was published
Jul 3, 2026
The MotoPress Appointment Booking plugin for WordPress is vulnerable to Authorization Bypass...
Moderate
Unreviewed
CVE-2026-9180
was published
Jul 3, 2026
LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level...
Moderate
Unreviewed
CVE-2026-58580
was published
Jul 2, 2026
Craft CMS: Unauthorized Deletion of Source Assets During File Replacement
Moderate
CVE-2026-50283
was published
for
craftcms/cms
(Composer)
Jul 2, 2026
PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request...
Moderate
Unreviewed
CVE-2026-58653
was published
Jul 2, 2026
Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions.
Moderate
Unreviewed
CVE-2026-57680
was published
Jul 2, 2026
The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-9188
was published
Jul 2, 2026
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct...
Moderate
Unreviewed
CVE-2026-11896
was published
Jul 2, 2026
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-12657
was published
Jul 2, 2026
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-5348
was published
Jul 2, 2026
SurrealDB has an Authorization Bypass via Composite Record-id Paths
Moderate
GHSA-6vg3-hgrw-p5gf
was published
for
surrealdb
(Rust)
Jul 1, 2026
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a...
Moderate
Unreviewed
CVE-2026-5138
was published
Jul 1, 2026
A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass...
Moderate
Unreviewed
CVE-2026-5142
was published
Jul 1, 2026
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated...
Moderate
Unreviewed
CVE-2026-5135
was published
Jul 1, 2026
MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer...
Moderate
Unreviewed
CVE-2026-53903
was published
Jul 1, 2026
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate
Unreviewed
CVE-2026-10096
was published
Jul 1, 2026
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-11988
was published
Jul 1, 2026
The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-12904
was published
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API