GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
3,546 advisories
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-2470 was published Jun 13, 2026
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with...
Moderate | Unreviewed | CVE-2026-54398 was published Jun 13, 2026
OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu...
Low | Unreviewed | CVE-2026-53835 was published Jun 13, 2026
OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch...
High | Unreviewed | CVE-2026-53834 was published Jun 13, 2026
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command...
High | Unreviewed | CVE-2026-53828 was published Jun 13, 2026
File Browser has incorrect access control for public directory shares via rule path rebasing
High | CVE-2026-54091 was published for github.com/filebrowser/filebrowser (Go) | Jun 12, 2026
An incorrect visibility condition in the MISP event template builder allowed authenticated non...
Moderate | Unreviewed | CVE-2026-54362 was published Jun 12, 2026
A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event...
Moderate | Unreviewed | CVE-2026-54397 was published Jun 12, 2026
An incorrect authorization vulnerability in MISP allows an organization administrator to target...
High | Unreviewed | CVE-2026-54358 was published Jun 12, 2026
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16...
Moderate | Unreviewed | CVE-2026-6739 was published Jun 12, 2026
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16...
High | Unreviewed | CVE-2026-7387 was published Jun 12, 2026
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the...
High | Unreviewed | CVE-2026-45831 was published Jun 12, 2026
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
High | CVE-2026-48152 was published for @budibase/server (npm) | Jun 12, 2026
Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection
High | CVE-2026-48113 was published for github.com/jpillora/chisel (Go) | Jun 12, 2026
OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop...
Moderate | Unreviewed | CVE-2026-53808 was published Jun 11, 2026
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive...
High | Unreviewed | CVE-2026-53807 was published Jun 11, 2026
DevGuard has improper authorization on public assets
High | CVE-2026-48089 was published for github.com/l3montree-dev/devguard (Go) | Jun 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8,...
Moderate | Unreviewed | CVE-2026-6269 was published Jun 11, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18...
Moderate | Unreviewed | CVE-2026-6277 was published Jun 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8,...
Low | Unreviewed | CVE-2026-3553 was published Jun 11, 2026
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation...
High | Unreviewed | CVE-2026-53738 was published Jun 11, 2026
Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
Moderate | CVE-2026-49397 was published for github.com/nezhahq/nezha (Go) | Jun 10, 2026
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote...
High | Unreviewed | CVE-2026-24724 was published Jun 10, 2026
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect...
Critical | Unreviewed | CVE-2026-48303 was published Jun 9, 2026
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization...
High | Unreviewed | CVE-2026-47929 was published Jun 9, 2026
ProTip! Advisories are also available from the GraphQL API