GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
482 advisories
A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a...
High | Unreviewed | CVE-2026-54360 was published Jun 12, 2026

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag...
High | Unreviewed | CVE-2026-54361 was published Jun 12, 2026

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then...
High | Unreviewed | CVE-2026-42947 was published Jun 12, 2026

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
High | CVE-2026-54097 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows...
High | Unreviewed | CVE-2026-8828 was published Jun 12, 2026

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project...
High | Unreviewed | CVE-2026-45830 was published Jun 12, 2026

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and...
High | Unreviewed | CVE-2026-45832 was published Jun 12, 2026

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify...
High | Unreviewed | CVE-2026-7787 was published Jun 11, 2026

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging...
High | Unreviewed | CVE-2026-8406 was published Jun 11, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18...
High | Unreviewed | CVE-2026-6552 was published Jun 11, 2026

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST...
High | Unreviewed | CVE-2026-53673 was published Jun 10, 2026

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged...
High | Unreviewed | CVE-2026-6444 was published Jun 9, 2026

An authorization bypass through user-controlled key vulnerability has been reported to affect...
High | Unreviewed | CVE-2026-44083 was published Jun 9, 2026

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User...
High | Unreviewed | CVE-2026-9185 was published Jun 9, 2026

The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account...
High | Unreviewed | CVE-2026-9851 was published Jun 6, 2026

Shopper: Multiple data integrity and disclosure issues in admin Livewire components
High | CVE-2026-47743 was published for shopper/framework (Composer) Jun 5, 2026

praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
High | CVE-2026-47419 was published for praisonai-platform (pip) Jun 5, 2026

The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to...
High | Unreviewed | CVE-2026-11369 was published Jun 5, 2026

Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending
High | CVE-2026-45337 was published for better-auth (npm) Jun 4, 2026

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue...
High | Unreviewed | CVE-2025-14772 was published Jun 3, 2026

CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
High | Unreviewed | CVE-2026-7201 was published Jun 2, 2026

praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR
High | CVE-2026-47415 was published for praisonai-platform (pip) Jun 1, 2026

praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR
High | CVE-2026-47417 was published for praisonai-platform (pip) Jun 1, 2026

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
High | CVE-2026-47418 was published for praisonai-platform (pip) Jun 1, 2026

A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/...
High | Unreviewed | CVE-2026-41084 was published Jun 1, 2026

ProTip! Advisories are also available from the GraphQL API.