GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,667 advisories
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-2470 was published Jun 13, 2026

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with...
Moderate | Unreviewed | CVE-2026-54398 was published Jun 13, 2026

An incorrect visibility condition in the MISP event template builder allowed authenticated non...
Moderate | Unreviewed | CVE-2026-54362 was published Jun 12, 2026

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event...
Moderate | Unreviewed | CVE-2026-54397 was published Jun 12, 2026

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16...
Moderate | Unreviewed | CVE-2026-6739 was published Jun 12, 2026

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop...
Moderate | Unreviewed | CVE-2026-53808 was published Jun 11, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8,...
Moderate | Unreviewed | CVE-2026-6269 was published Jun 11, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18...
Moderate | Unreviewed | CVE-2026-6277 was published Jun 11, 2026

Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
Moderate | CVE-2026-49397 was published for github.com/nezhahq/nezha (Go) | Jun 10, 2026

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization...
Moderate | Unreviewed | CVE-2026-47910 was published Jun 9, 2026

Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the...
Moderate | Unreviewed | CVE-2026-7765 was published Jun 8, 2026

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to...
Moderate | Unreviewed | CVE-2026-21031 was published Jun 5, 2026

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Moderate | Unreviewed | CVE-2026-9048 was published Jun 2, 2026

Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
Moderate | CVE-2026-47230 was published for admidio/admidio (Composer) | May 29, 2026

Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
Moderate | CVE-2026-47227 was published for admidio/admidio (Composer) | May 29, 2026

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
Moderate | Unreviewed | CVE-2026-49376 was published May 29, 2026

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups...
Moderate | Unreviewed | CVE-2026-49369 was published May 29, 2026

CAPM3 vulnerable to Cross-Namespace resource access
Moderate | GHSA-rf84-wr5g-m3rp was published for github.com/metal3-io/cluster-api-provider-metal3 (Go) | May 29, 2026

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and...
Moderate | Unreviewed | CVE-2026-35673 was published May 29, 2026

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on...
Moderate | Unreviewed | CVE-2026-49299 was published May 29, 2026

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token...
Moderate | Unreviewed | CVE-2026-44394 was published May 28, 2026

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential...
Moderate | Unreviewed | CVE-2026-42998 was published May 28, 2026

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application...
Moderate | Unreviewed | CVE-2026-43000 was published May 28, 2026

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in...
Moderate | Unreviewed | CVE-2026-42999 was published May 28, 2026

nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
Moderate | CVE-2026-47128 was published for nono-cli (Rust) | May 28, 2026

ProTip! Advisories are also available from the GraphQL API