Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,673
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,891
Pub
13
RubyGems
1,051
Rust
1,315
Swift
53
Unreviewed advisories
All unreviewed
5,000+

946 advisories

Loading
Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic High
CVE-2026-42609 was published for getgrav/grav (Composer) May 5, 2026
AnhNg1410 Credited to AnhNg1410
External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore Low
CVE-2026-42875 was published for github.com/external-secrets/external-secrets (Go) May 5, 2026
moolen Credited to moolen
A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function... Low Unreviewed
CVE-2026-7782 was published May 5, 2026
A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function... Moderate Unreviewed
CVE-2026-7702 was published May 3, 2026
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by... Moderate Unreviewed
CVE-2026-7681 was published May 3, 2026
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2026-6449 was published May 2, 2026
A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected... Low Unreviewed
CVE-2026-7502 was published May 1, 2026
A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is... Low Unreviewed
CVE-2026-7510 was published May 1, 2026
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all... High Unreviewed
CVE-2026-2892 was published Apr 30, 2026
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser... High Unreviewed
CVE-2026-5781 was published Apr 28, 2026
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy... Moderate Unreviewed
CVE-2026-7145 was published Apr 27, 2026
A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This... Moderate Unreviewed
CVE-2026-7144 was published Apr 27, 2026
OpenClaw: Agent gateway config mutations could change protected operator settings Moderate
GHSA-7jm2-g593-4qrc was published for openclaw (npm) Apr 25, 2026
zsxsoft Credited to zsxsoft, KeenSecurityLab, and qclawer KeenSecurityLab KeenSecurityLab
qclawer qclawer
Note Mark: Unauthenticated read of notes and assets in soft-deleted public books Moderate
CVE-2026-41572 was published for github.com/enchant97/note-mark/backend (Go) Apr 25, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields Moderate
CVE-2026-42202 was published for almirhodzic/nova-toggle-5 (Composer) Apr 24, 2026
RobertoNegro Credited to RobertoNegro
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of... Moderate Unreviewed
CVE-2026-34321 was published Apr 21, 2026
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial... High Unreviewed
CVE-2026-34320 was published Apr 21, 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web... Moderate Unreviewed
CVE-2026-34315 was published Apr 21, 2026
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this... Moderate Unreviewed
CVE-2026-6614 was published Apr 20, 2026
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the... Moderate Unreviewed
CVE-2026-6612 was published Apr 20, 2026
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the... Moderate Unreviewed
CVE-2026-6613 was published Apr 20, 2026
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the... Moderate Unreviewed
CVE-2026-6583 was published Apr 20, 2026
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects... Moderate Unreviewed
CVE-2026-6584 was published Apr 20, 2026
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects... Moderate Unreviewed
CVE-2026-6585 was published Apr 20, 2026
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the... Moderate Unreviewed
CVE-2026-6586 was published Apr 20, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database