GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,047 advisories
OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any...
High | Unreviewed | CVE-2026-35063 was published Apr 9, 2026

Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows...
Moderate | Unreviewed | CVE-2026-39631 was published Apr 8, 2026

Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured...
Moderate | Unreviewed | CVE-2026-39627 was published Apr 8, 2026

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
Moderate | CVE-2026-33866 was published for mlflow (pip) Apr 7, 2026

Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting...
Moderate | Unreviewed | CVE-2026-39648 was published Apr 8, 2026

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows...
Moderate | Unreviewed | CVE-2026-39659 was published Apr 8, 2026

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce...
Moderate | Unreviewed | CVE-2026-39662 was published Apr 8, 2026

Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-39637 was published Apr 8, 2026

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money...
Moderate | Unreviewed | CVE-2026-39650 was published Apr 8, 2026

Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content...
Moderate | Unreviewed | CVE-2026-39639 was published Apr 8, 2026

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows...
Moderate | Unreviewed | CVE-2026-39652 was published Apr 8, 2026

Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting...
Moderate | Unreviewed | CVE-2026-39664 was published Apr 8, 2026

Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows...
Moderate | Unreviewed | CVE-2026-39657 was published Apr 8, 2026

Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows...
Moderate | Unreviewed | CVE-2026-39644 was published Apr 8, 2026

kcp's cache server is accessible without authentication or authorization checks
High | CVE-2026-39429 was published for github.com/kcp-dev/kcp (Go) Apr 8, 2026

OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers
High | GHSA-wq58-2pvg-5h4f was published for openclaw (npm) Mar 26, 2026

Hydrosystem Control System does not enforce authorization for some directories. This allows an...
High | Unreviewed | CVE-2026-34184 was published Apr 9, 2026

The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and...
Moderate | Unreviewed | CVE-2026-4124 was published Apr 9, 2026

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions...
Critical | Unreviewed | CVE-2026-1830 was published Apr 9, 2026

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in...
High | Unreviewed | CVE-2026-4326 was published Apr 9, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18...
Low | Unreviewed | CVE-2026-4916 was published Apr 9, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9...
Moderate | Unreviewed | CVE-2025-9484 was published Apr 9, 2026

Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for...
Moderate | Unreviewed | CVE-2026-39668 was published Apr 8, 2026

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing...
Moderate | Unreviewed | CVE-2025-14854 was published Jan 14, 2026

The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate | Unreviewed | CVE-2025-13529 was published Jan 7, 2026