GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
1,518 advisories
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate | Unreviewed | CVE-2026-1291 was published | Jun 13, 2026

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a...
High | Unreviewed | CVE-2026-54360 was published | Jun 12, 2026

An improper authorization vulnerability in MISP allowed an authenticated organization...
Moderate | Unreviewed | CVE-2026-54357 was published | Jun 12, 2026

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag...
High | Unreviewed | CVE-2026-54361 was published | Jun 12, 2026

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then...
High | Unreviewed | CVE-2026-42947 was published | Jun 12, 2026

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
High | CVE-2026-54097 was published for github.com/filebrowser/filebrowser (Go) | Jun 12, 2026

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows...
High | Unreviewed | CVE-2026-8828 was published | Jun 12, 2026

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project...
High | Unreviewed | CVE-2026-45830 was published | Jun 12, 2026

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and...
High | Unreviewed | CVE-2026-45832 was published | Jun 12, 2026

Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields
Moderate | CVE-2026-48067 was published for filament/actions (Composer) | Jun 11, 2026

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify...
High | Unreviewed | CVE-2026-7787 was published | Jun 11, 2026

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging...
High | Unreviewed | CVE-2026-8406 was published | Jun 11, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8,...
Low | Unreviewed | CVE-2026-6976 was published | Jun 11, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18...
High | Unreviewed | CVE-2026-6552 was published | Jun 11, 2026

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request...
Moderate | Unreviewed | CVE-2026-53911 was published | Jun 11, 2026

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo...
Moderate | Unreviewed | CVE-2023-40200 was published | Jun 11, 2026

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access...
Critical | Unreviewed | CVE-2026-53470 was published | Jun 10, 2026

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs)...
Critical | Unreviewed | CVE-2026-53471 was published | Jun 10, 2026

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST...
Moderate | Unreviewed | CVE-2026-53675 was published | Jun 10, 2026

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST...
High | Unreviewed | CVE-2026-53673 was published | Jun 10, 2026

PhoenixStorybook has cross-session PubSub topic injection via URL parameter
Low | CVE-2026-47068 was published for phoenix_storybook (Erlang) | Jun 9, 2026

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged...
High | Unreviewed | CVE-2026-6444 was published | Jun 9, 2026

An authorization bypass through user-controlled key vulnerability has been reported to affect...
High | Unreviewed | CVE-2026-44083 was published | Jun 9, 2026

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User...
High | Unreviewed | CVE-2026-9185 was published | Jun 9, 2026

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation...
Moderate | Unreviewed | CVE-2026-49141 was published | Jun 8, 2026
ProTip! Advisories are also available from the GraphQL API