GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,477 advisories
Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user
High | GHSA-hwm2-4ph6-w6m5 was published for github.com/rancher/rancher (Go) | Mar 3, 2026

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-1336 was published | Mar 3, 2026

OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools
High | GHSA-jr6x-2q95-fh2g was published for openclaw (npm) | Mar 2, 2026

OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login
High | GHSA-4fqm-6fmh-82mq was published for github.com/OliveTin/OliveTin (Go) | Mar 2, 2026

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any...
High | Unreviewed | CVE-2026-0026 was published | Mar 2, 2026

In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to...
Moderate | Unreviewed | CVE-2026-0024 was published | Mar 2, 2026

In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to...
High | Unreviewed | CVE-2026-0023 was published | Mar 2, 2026

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept...
High | Unreviewed | CVE-2025-48574 was published | Mar 2, 2026

In multiple functions of MediaProvider.java, there is a possible way to bypass the...
High | Unreviewed | CVE-2025-48578 was published | Mar 2, 2026

On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path...
Critical | Unreviewed | CVE-2026-3432 was published | Mar 2, 2026

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection...
Critical | Unreviewed | CVE-2026-3431 was published | Mar 2, 2026

Statamic's missing authorization allows access to email addresses
Moderate | CVE-2026-28424 was published for statamic/cms (Composer) | Mar 1, 2026

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated...
Moderate | Unreviewed | CVE-2026-28554 was published | Mar 1, 2026

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated...
Moderate | Unreviewed | CVE-2026-28556 was published | Mar 1, 2026

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated...
Moderate | Unreviewed | CVE-2026-28555 was published | Mar 1, 2026

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated...
High | Unreviewed | CVE-2026-28557 was published | Mar 1, 2026

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability...
Critical | Unreviewed | CVE-2026-28515 was published | Feb 28, 2026

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
High | CVE-2026-27946 was published for github.com/zitadel/zitadel (Go) | Feb 27, 2026

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
High | CVE-2026-27836 was published for thorsten/phpmyfaq (Composer) | Feb 27, 2026

@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode
Moderate | CVE-2026-27638 was published for @actual-app/sync-server (npm) | Feb 27, 2026

Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Moderate | CVE-2026-27457 was published for weblate (pip) | Feb 26, 2026

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
Moderate | CVE-2026-24004 was published for github.com/fleetdm/fleet/v4 (Go) | Feb 26, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18...
Moderate | Unreviewed | CVE-2025-14103 was published | Feb 25, 2026

Parse Dashboard is Missing Authorization for its Agent Endpoint
Critical | CVE-2026-27608 was published for parse-dashboard (npm) | Feb 25, 2026

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add...
Moderate | Unreviewed | CVE-2026-28195 was published | Feb 25, 2026
ProTip! Advisories are also available from the GraphQL API.