GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
483 advisories
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability...
Moderate | Unreviewed | CVE-2026-8027 was published May 6, 2026

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function...
Moderate | Unreviewed | CVE-2026-7702 was published May 3, 2026

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by...
Moderate | Unreviewed | CVE-2026-7681 was published May 3, 2026

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-6449 was published May 2, 2026

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy...
Moderate | Unreviewed | CVE-2026-7145 was published Apr 27, 2026

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This...
Moderate | Unreviewed | CVE-2026-7144 was published Apr 27, 2026

OpenClaw: Agent gateway config mutations could change protected operator settings
Moderate | GHSA-7jm2-g593-4qrc was published for openclaw (npm) Apr 25, 2026

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
Moderate | CVE-2026-41572 was published for github.com/enchant97/note-mark/backend (Go) Apr 25, 2026

nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
Moderate | CVE-2026-42202 was published for almirhodzic/nova-toggle-5 (Composer) Apr 24, 2026

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of...
Moderate | Unreviewed | CVE-2026-34321 was published Apr 21, 2026

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web...
Moderate | Unreviewed | CVE-2026-34315 was published Apr 21, 2026

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this...
Moderate | Unreviewed | CVE-2026-6614 was published Apr 20, 2026

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the...
Moderate | Unreviewed | CVE-2026-6612 was published Apr 20, 2026

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the...
Moderate | Unreviewed | CVE-2026-6613 was published Apr 20, 2026

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the...
Moderate | Unreviewed | CVE-2026-6583 was published Apr 20, 2026

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects...
Moderate | Unreviewed | CVE-2026-6584 was published Apr 20, 2026

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects...
Moderate | Unreviewed | CVE-2026-6585 was published Apr 20, 2026

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the...
Moderate | Unreviewed | CVE-2026-6586 was published Apr 20, 2026

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability...
Moderate | Unreviewed | CVE-2026-6571 was published Apr 19, 2026

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function...
Moderate | Unreviewed | CVE-2026-6570 was published Apr 19, 2026

An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0...
Moderate | Unreviewed | CVE-2026-38533 was published Apr 14, 2026

DNN: Force Friend Request Acceptance
Moderate | CVE-2026-40305 was published for DotNetNuke.Core (NuGet) Apr 10, 2026

decolua 9router vulnerable to authorization bypass
Moderate | CVE-2026-5842 was published for 9router (npm) Apr 9, 2026

monetr: Protected Transactions Deletable via PUT
Moderate | CVE-2026-39901 was published for github.com/monetr/monetr (Go) Apr 8, 2026

CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files
Moderate | CVE-2026-39389 was published for ci4-cms-erp/ci4ms (Composer) Apr 8, 2026

ProTip! Advisories are also available from the GraphQL API.