GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,049 advisories
Filter by severity
A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function...
Moderate
Unreviewed
CVE-2026-12204
was published
Jun 15, 2026
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown...
Low
Unreviewed
CVE-2026-12189
was published
Jun 15, 2026
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability...
Moderate
Unreviewed
CVE-2026-12190
was published
Jun 15, 2026
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android....
Low
Unreviewed
CVE-2026-12065
was published
Jun 12, 2026
DevGuard has improper authorization on public assets
High
CVE-2026-48089
was published
for
github.com/l3montree-dev/devguard
(Go)
Jun 11, 2026
A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user...
High
Unreviewed
CVE-2026-47342
was published
Jun 11, 2026
Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
Moderate
CVE-2026-49397
was published
for
github.com/nezhahq/nezha
(Go)
Jun 10, 2026
Dex: Token-exchange endpoint is missing AllowedConnectors enforcement
High
GHSA-7qjx-gp9h-65qj
was published
for
github.com/dexidp/dex
(Go)
Jun 9, 2026
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute...
High
Unreviewed
CVE-2026-47298
was published
Jun 9, 2026
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
High
Unreviewed
CVE-2026-45490
was published
Jun 9, 2026
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose...
High
Unreviewed
CVE-2026-45503
was published
Jun 9, 2026
Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges...
High
Unreviewed
CVE-2026-42902
was published
Jun 9, 2026
nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator
High
CVE-2026-47726
was published
for
github.com/juev/nebula-mesh
(Go)
Jun 8, 2026
A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function...
Low
Unreviewed
CVE-2026-11500
was published
Jun 8, 2026
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the...
Low
Unreviewed
CVE-2026-11461
was published
Jun 8, 2026
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass...
Critical
Unreviewed
CVE-2026-10580
was published
Jun 5, 2026
Shopper: Authorization bypass and RBAC privilege escalation in team settings
Critical
CVE-2026-47744
was published
for
shopper/framework
(Composer)
Jun 5, 2026
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose...
Critical
Unreviewed
CVE-2026-48579
was published
Jun 5, 2026
Hono: JWT middleware accepts any Authorization scheme, not only Bearer
Moderate
CVE-2026-47673
was published
for
hono
(npm)
Jun 4, 2026
Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending
High
CVE-2026-45337
was published
for
better-auth
(npm)
Jun 4, 2026
An improper authorization vulnerability has been identified in Apache Kafka.
The implementation...
Moderate
Unreviewed
CVE-2026-41115
was published
Jun 2, 2026
In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a...
Critical
Unreviewed
CVE-2026-0072
was published
Jun 1, 2026
Apache ActiveMQ server has an incomplete authorization workflow
Moderate
CVE-2026-46605
was published
for
org.apache.activemq:apache-activemq
(Maven)
Jun 1, 2026
Apache Airflow has an Improper Authorization issue
Low
CVE-2026-40963
was published
for
apache-airflow
(pip)
Jun 1, 2026
AstrBot: Manipulation of astr_main_agent's session_id parameter leads to authorization bypass
Low
CVE-2026-10212
was published
for
AstrBot
(pip)
Jun 1, 2026
ProTip!
Advisories are also available from the
GraphQL API