Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,100
Maven
5,000+
npm
4,993
NuGet
826
pip
4,425
Pub
12
RubyGems
988
Rust
1,170
Swift
50
Unreviewed advisories
All unreviewed
5,000+

6,513 advisories

Loading
Missing Authorization vulnerability in Rank Math Rank Math SEO PRO allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2026-28080 was published Mar 6, 2026
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF... Critical Unreviewed
CVE-2026-2446 was published Mar 6, 2026
Sensitive information disclosure and manipulation due to insufficient authorization checks. The... Moderate Unreviewed
CVE-2025-11791 was published Mar 6, 2026
OliveTin doesn't check view permission when returning dashboards Moderate
CVE-2026-30233 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
Zwique Credited to Zwique
The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin... High Unreviewed
CVE-2026-1720 was published Mar 5, 2026
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege... High Unreviewed
CVE-2026-1321 was published Mar 5, 2026
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of... Moderate Unreviewed
CVE-2026-3072 was published Mar 5, 2026
Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows... Moderate Unreviewed
CVE-2026-28104 was published Mar 5, 2026
Missing Authorization vulnerability in PixFort pixfort Core pixfort-core allows Exploiting... Moderate Unreviewed
CVE-2026-28071 was published Mar 5, 2026
Missing Authorization vulnerability in Frenify Guff guff allows Exploiting Incorrectly Configured... High Unreviewed
CVE-2026-28076 was published Mar 5, 2026
Missing Authorization vulnerability in Brainstorm_Force Ultimate Addons for WPBakery Page Builder... Moderate Unreviewed
CVE-2026-28038 was published Mar 5, 2026
Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes... Unknown Unreviewed
CVE-2026-27388 was published Mar 5, 2026
Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes... Unknown Unreviewed
CVE-2026-27386 was published Mar 5, 2026
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting... Unknown Unreviewed
CVE-2026-27396 was published Mar 5, 2026
Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc... Unknown Unreviewed
CVE-2026-27362 was published Mar 5, 2026
Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive... Unknown Unreviewed
CVE-2026-27361 was published Mar 5, 2026
Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order... Unknown Unreviewed
CVE-2026-27374 was published Mar 5, 2026
Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows... Unknown Unreviewed
CVE-2026-22479 was published Mar 5, 2026
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly... Unknown Unreviewed
CVE-2026-23799 was published Mar 5, 2026
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting... Unknown Unreviewed
CVE-2026-27344 was published Mar 5, 2026
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows... Unknown Unreviewed
CVE-2026-22459 was published Mar 5, 2026
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon... High Unreviewed
CVE-2025-69340 was published Mar 5, 2026
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in... Moderate Unreviewed
CVE-2026-2899 was published Mar 5, 2026
Kimai's API invoice endpoint missing customer-level access control (IDOR) Moderate
CVE-2026-28685 was published for kimai/kimai (Composer) Mar 4, 2026
lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints Moderate
CVE-2026-3351 was published for github.com/canonical/lxd (Go) Mar 4, 2026
bugbunny-research Credited to bugbunny-research
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database