GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,309
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
111 advisories
Filter by severity
Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows...
Critical
Unreviewed
CVE-2026-57813
was published
Jul 13, 2026
Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation....
Critical
Unreviewed
CVE-2026-57692
was published
Jul 1, 2026
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
Critical
Unreviewed
CVE-2026-56030
was published
Jun 26, 2026
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
Critical
Unreviewed
CVE-2026-56033
was published
Jun 26, 2026
Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website...
Critical
Unreviewed
CVE-2026-56028
was published
Jun 26, 2026
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Critical
Unreviewed
CVE-2026-54807
was published
Jun 17, 2026
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
Critical
Unreviewed
CVE-2026-49058
was published
Jun 17, 2026
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Critical
Unreviewed
CVE-2026-27395
was published
Jun 17, 2026
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
Critical
Unreviewed
CVE-2025-69179
was published
Jun 17, 2026
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152,...
Critical
Unreviewed
CVE-2026-12294
was published
Jun 16, 2026
Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.
Critical
Unreviewed
CVE-2026-39583
was published
Jun 15, 2026
Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.
Critical
Unreviewed
CVE-2026-34901
was published
Jun 15, 2026
Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows...
Critical
Unreviewed
CVE-2026-49060
was published
Jun 12, 2026
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1,...
Critical
Unreviewed
CVE-2025-10263
was published
Jun 9, 2026
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege...
Critical
Unreviewed
CVE-2025-53209
was published
Jun 2, 2026
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer...
Critical
Unreviewed
CVE-2026-42680
was published
Jun 1, 2026
Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation.
This...
Critical
Unreviewed
CVE-2026-48879
was published
Jun 1, 2026
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar...
Critical
Unreviewed
CVE-2026-42758
was published
May 27, 2026
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange...
Critical
Unreviewed
CVE-2026-42731
was published
May 27, 2026
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as...
Critical
Unreviewed
CVE-2026-48172
was published
May 21, 2026
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision...
Critical
Unreviewed
CVE-2026-42368
was published
May 4, 2026
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows...
Critical
Unreviewed
CVE-2026-22337
was published
Apr 27, 2026
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on...
Critical
Unreviewed
CVE-2026-33519
was published
Apr 21, 2026
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows...
Critical
Unreviewed
CVE-2026-33518
was published
Apr 21, 2026
Duplicate Advisory: OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
Critical
GHSA-phgf-3849-rgjq
was published
for
openclaw
(npm)
Mar 31, 2026
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API