GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
495 advisories
IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote...
Moderate | Unreviewed | CVE-2026-6938 was published May 27, 2026

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7,...
Moderate | Unreviewed | CVE-2025-43289 was published May 27, 2026

Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass...
Moderate | Unreviewed | CVE-2022-34363 was published May 26, 2026

NocoDB: Shared-base link access can invite arbitrary users as persistent base members
Moderate | CVE-2026-46552 was published for nocodb (npm) May 21, 2026

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz:...
Moderate | Unreviewed | CVE-2026-45187 was published May 19, 2026

AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`
Moderate | CVE-2026-45620 was published for WWBN/AVideo (Composer) May 18, 2026

Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]
Moderate | CVE-2026-45365 was published for open-webui (pip) May 14, 2026

Open WebUI missing authorization check at the model update function - models from other users can be updated
Moderate | CVE-2026-45345 was published for open-webui (pip) May 14, 2026

SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk
Moderate | CVE-2026-45147 was published for github.com/siyuan-note/siyuan/kernel (Go) May 13, 2026

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and...
Moderate | Unreviewed | CVE-2026-34656 was published May 12, 2026

ExternalSecrets vulnerable to privilege escalation with secret overwriting
Moderate | CVE-2026-42876 was published for github.com/external-secrets/external-secrets/apis (Go) May 8, 2026

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability...
Moderate | Unreviewed | CVE-2026-8027 was published May 6, 2026

External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
Moderate | CVE-2026-42875 was published for github.com/external-secrets/external-secrets (Go) May 5, 2026

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function...
Moderate | Unreviewed | CVE-2026-7702 was published May 3, 2026

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by...
Moderate | Unreviewed | CVE-2026-7681 was published May 3, 2026

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-6449 was published May 2, 2026

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy...
Moderate | Unreviewed | CVE-2026-7145 was published Apr 27, 2026

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This...
Moderate | Unreviewed | CVE-2026-7144 was published Apr 27, 2026

OpenClaw: Agent gateway config mutations could change protected operator settings
Moderate | GHSA-7jm2-g593-4qrc was published for openclaw (npm) Apr 25, 2026

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
Moderate | CVE-2026-41572 was published for github.com/enchant97/note-mark/backend (Go) Apr 25, 2026

nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
Moderate | CVE-2026-42202 was published for almirhodzic/nova-toggle-5 (Composer) Apr 24, 2026

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of...
Moderate | Unreviewed | CVE-2026-34321 was published Apr 21, 2026

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web...
Moderate | Unreviewed | CVE-2026-34315 was published Apr 21, 2026

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this...
Moderate | Unreviewed | CVE-2026-6614 was published Apr 20, 2026

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the...
Moderate | Unreviewed | CVE-2026-6612 was published Apr 20, 2026