GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,524 advisories
Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.
High | Unreviewed | CVE-2026-52699 was published Jun 15, 2026
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.
High | Unreviewed | CVE-2026-48868 was published Jun 15, 2026
Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.
High | Unreviewed | CVE-2026-48872 was published Jun 15, 2026
Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.
Moderate | Unreviewed | CVE-2026-40792 was published Jun 15, 2026
Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.
High | Unreviewed | CVE-2026-39518 was published Jun 15, 2026
Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.
High | Unreviewed | CVE-2025-59133 was published Jun 15, 2026
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate | Unreviewed | CVE-2026-1291 was published Jun 13, 2026
An improper authorization vulnerability in MISP allowed an authenticated organization...
Moderate | Unreviewed | CVE-2026-54357 was published Jun 12, 2026
MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag...
High | Unreviewed | CVE-2026-54361 was published Jun 12, 2026
A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a...
High | Unreviewed | CVE-2026-54360 was published Jun 12, 2026
A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then...
High | Unreviewed | CVE-2026-42947 was published Jun 12, 2026
File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
High | CVE-2026-54097 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026
A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows...
High | Unreviewed | CVE-2026-8828 was published Jun 12, 2026
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and...
High | Unreviewed | CVE-2026-45832 was published Jun 12, 2026
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project...
High | Unreviewed | CVE-2026-45830 was published Jun 12, 2026
Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields
Moderate | CVE-2026-48067 was published for filament/actions (Composer) Jun 11, 2026
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify...
High | Unreviewed | CVE-2026-7787 was published Jun 11, 2026
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging...
High | Unreviewed | CVE-2026-8406 was published Jun 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8,...
Low | Unreviewed | CVE-2026-6976 was published Jun 11, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18...
High | Unreviewed | CVE-2026-6552 was published Jun 11, 2026
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request...
Moderate | Unreviewed | CVE-2026-53911 was published Jun 11, 2026
Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo...
Moderate | Unreviewed | CVE-2023-40200 was published Jun 11, 2026
A flaw was found in migration-planner. An authenticated attacker could exploit an improper access...
Critical | Unreviewed | CVE-2026-53470 was published Jun 10, 2026
A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs)...
Critical | Unreviewed | CVE-2026-53471 was published Jun 10, 2026
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST...
Moderate | Unreviewed | CVE-2026-53675 was published Jun 10, 2026
ProTip! Advisories are also available from the GraphQL API.