GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
3,716 advisories
Filter by severity
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue...
Unknown
Unreviewed
CVE-2026-13237
was published
Jul 11, 2026
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful...
Unknown
Unreviewed
CVE-2026-13238
was published
Jul 11, 2026
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback)...
Unknown
Unreviewed
CVE-2026-13232
was published
Jul 11, 2026
Windmill: Resource-scoped API tokens can read script contents outside their allowed path via scripts/list_search
Moderate
CVE-2026-54136
was published
for
windmill-api
(Rust)
Jul 10, 2026
Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization...
High
Unreviewed
CVE-2026-39903
was published
Jul 10, 2026
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is...
Moderate
Unreviewed
CVE-2026-15286
was published
Jul 10, 2026
The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the ...
Moderate
Unreviewed
CVE-2026-5069
was published
Jul 10, 2026
Sylius: Channel-based payment method restriction bypass on shop account orders API endpoint
Moderate
CVE-2026-53638
was published
for
sylius/sylius
(Composer)
Jul 9, 2026
Avo: Direct attachment upload endpoint lacks upload authorization and bypasses field-level upload policy
Moderate
CVE-2026-53769
was published
for
avo
(RubyGems)
Jul 9, 2026
An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated...
Moderate
Unreviewed
CVE-2026-61474
was published
Jul 9, 2026
Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote...
High
Unreviewed
CVE-2026-15123
was published
Jul 9, 2026
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote...
High
Unreviewed
CVE-2026-15125
was published
Jul 9, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0...
Low
Unreviewed
CVE-2026-6352
was published
Jul 8, 2026
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in...
Moderate
Unreviewed
CVE-2026-14896
was published
Jul 8, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19...
Low
Unreviewed
CVE-2026-13151
was published
Jul 8, 2026
Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module).
This...
Low
Unreviewed
CVE-2026-8800
was published
Jul 8, 2026
MISP’s importModule() path used getEnabledModule() to resolve a single import module by name, but...
Moderate
Unreviewed
CVE-2026-60125
was published
Jul 8, 2026
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/...
Moderate
Unreviewed
CVE-2026-56776
was published
Jul 8, 2026
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating...
Moderate
Unreviewed
CVE-2026-56775
was published
Jul 8, 2026
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API...
Moderate
Unreviewed
CVE-2026-56778
was published
Jul 8, 2026
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0...
High
Unreviewed
CVE-2026-56086
was published
Jul 8, 2026
Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest...
High
Unreviewed
CVE-2026-56220
was published
Jul 8, 2026
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
Moderate
GHSA-f66q-9rf6-8795
was published
for
Flask-Security-Too
(pip)
Jul 7, 2026
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
Critical
CVE-2026-53552
was published
for
github.com/zhenorzz/goploy
(Go)
Jul 7, 2026
@better-auth/oauth-provider may provide access tokens for unauthorized audiences via unbound resource indicators
Moderate
GHSA-p2fr-6hmx-4528
was published
for
@better-auth/oauth-provider
(npm)
Jul 7, 2026
ProTip!
Advisories are also available from the
GraphQL API