GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,345 advisories
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due...
Moderate | Unreviewed | CVE-2026-7249 was published May 22, 2026
The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and...
Moderate | Unreviewed | CVE-2026-2518 was published May 22, 2026
In Concrete CMS 9.5.0 and below, the submit_password() method in concrete/controllers...
Moderate | Unreviewed | CVE-2026-7879 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The `/ccm/frontend/conversations...
Moderate | Unreviewed | CVE-2026-8237 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message_page...
Moderate | Unreviewed | CVE-2026-8238 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/get_rating'...
Moderate | Unreviewed | CVE-2026-8239 was published May 22, 2026
Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate....
Moderate | Unreviewed | CVE-2026-8236 was published May 22, 2026
SQLAdmin: Authorization Bypass on `ajax_lookup`
Moderate | CVE-2026-46645 was published for sqladmin (pip) May 21, 2026
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due...
Moderate | Unreviewed | CVE-2026-4843 was published May 21, 2026
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
Critical | CVE-2026-46614 was published for github.com/fission/fission (Go) May 21, 2026
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured...
Moderate | Unreviewed | CVE-2026-39593 was published May 21, 2026
Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-27393 was published May 21, 2026
phpMyFAQ: IDOR Account Takeover
High | GHSA-xvp4-phqj-cjr3 was published for phpmyfaq/phpmyfaq (Composer) May 20, 2026
wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None
High | GHSA-mw8f-w6p8-xrf4 was published for wger (pip) May 20, 2026
The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain...
Moderate | Unreviewed | CVE-2026-21836 was published May 20, 2026
Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop...
Moderate | Unreviewed | CVE-2026-45443 was published May 20, 2026
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows...
Moderate | Unreviewed | CVE-2026-27424 was published May 20, 2026
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-27405 was published May 20, 2026
Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user...
Moderate | Unreviewed | CVE-2026-44392 was published May 20, 2026
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress...
High | Unreviewed | CVE-2026-5200 was published May 20, 2026
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2025-15369 was published May 20, 2026
The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in...
Moderate | Unreviewed | CVE-2026-8610 was published May 20, 2026
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue...
Critical | Unreviewed | CVE-2026-8495 was published May 20, 2026
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-8096 was published May 19, 2026
AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`
Moderate | CVE-2026-46337 was published for WWBN/AVideo (Composer) May 19, 2026
ProTip! Advisories are also available from the GraphQL API