GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+
7,168 advisories
The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and...
High
Unreviewed
CVE-2026-4100
was published
May 2, 2026
The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of...
Moderate
Unreviewed
CVE-2026-4024
was published
May 2, 2026
The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in...
Moderate
Unreviewed
CVE-2026-4650
was published
May 2, 2026
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing...
High
Unreviewed
CVE-2026-6963
was published
May 2, 2026
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for...
Moderate
Unreviewed
CVE-2026-3143
was published
May 1, 2026
Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API
High
CVE-2026-42137
was published
for
getkirby/cms
(Composer)
Apr 30, 2026
Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
High
CVE-2026-42461
was published
for
github.com/getarcaneapp/arcane/backend
(Go)
Apr 30, 2026
Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items
Moderate
CVE-2026-41658
was published
for
admidio/admidio
(Composer)
Apr 29, 2026
OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
Moderate
GHSA-c28g-vh7m-fm7v
was published
for
openclaw
(npm)
Apr 29, 2026
n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
High
CVE-2026-42226
was published
for
n8n
(npm)
Apr 29, 2026
n8n Vulnerable to Hijacking of Unauthenticated Chat Execution
Moderate
CVE-2026-42228
was published
for
n8n
(npm)
Apr 29, 2026
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and...
Moderate
Unreviewed
CVE-2026-42522
was published
Apr 29, 2026
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier...
Moderate
Unreviewed
CVE-2026-42519
was published
Apr 29, 2026
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly...
Moderate
Unreviewed
CVE-2026-42642
was published
Apr 29, 2026
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg...
Moderate
Unreviewed
CVE-2026-42648
was published
Apr 29, 2026
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data...
Moderate
Unreviewed
CVE-2026-4019
was published
Apr 29, 2026
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly...
Moderate
Unreviewed
CVE-2026-42412
was published
Apr 29, 2026
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting...
High
Unreviewed
CVE-2026-42377
was published
Apr 29, 2026
CoreDNS' transfer stanza selection uses lexicographic compare (subzone ACL bypass)
High
CVE-2026-33489
was published
for
github.com/coredns/coredns
(Go)
Apr 28, 2026
Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0...
Moderate
Unreviewed
CVE-2026-6706
was published
Apr 28, 2026
In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized...
Critical
Unreviewed
CVE-2026-40976
was published
Apr 28, 2026
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the...
High
Unreviewed
CVE-2026-41464
was published
Apr 27, 2026
OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy
Moderate
GHSA-qrp5-gfw2-gxv4
was published
for
openclaw
(npm)
Apr 25, 2026
Kimai has Missing Object-Level Authorization in the Team API
Low
CVE-2026-41498
was published
for
kimai/kimai
(Composer)
Apr 24, 2026
The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all...
Moderate
Unreviewed
CVE-2026-3569
was published
Apr 24, 2026
ProTip! Advisories are also available from the GraphQL API