Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,653
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,860
Pub
13
RubyGems
1,050
Rust
1,304
Swift
53
Unreviewed advisories
All unreviewed
5,000+

7,175 advisories

Loading
phpVMS has an /importer authorization bypass causing full database wipe Critical
CVE-2026-42569 was published for nabeel/phpvms (Composer) May 4, 2026
peter-bosch Credited to peter-bosch
AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration Moderate
GHSA-qff7-q5fm-8p76 was published for azuracast/azuracast (Composer) May 4, 2026
offset Credited to offset
AzuraCast's Missing RequireInternalConnection on Liquidsoap API Allows Low-Privilege Metadata Injection and Broadcast Disruption Moderate
GHSA-4fm3-ggg2-c6qx was published for azuracast/azuracast (Composer) May 4, 2026
offset Credited to offset
Argo has Missing Authorization in its Sync ConfigMap Provider High
CVE-2026-42297 was published for github.com/argoproj/argo-workflows/v4 (Go) May 4, 2026
nebojsaj1726 Credited to nebojsaj1726, Joibel, and isubasinghe Joibel Joibel
isubasinghe isubasinghe
Kirby CMS's system API endpoint leaks installed version and license data to authenticated users Moderate
CVE-2026-42051 was published for getkirby/cms (Composer) May 4, 2026
HuajiHD Credited to HuajiHD and 0x-bala 0x-bala 0x-bala
Kirby CMS doesn't gate user avatar creation, replacement and deletion with user update permissions Moderate
CVE-2026-42174 was published for getkirby/cms (Composer) May 4, 2026
Kirby CMS's read access to site, user and role information is not gated by permissions High
CVE-2026-42069 was published for getkirby/cms (Composer) May 4, 2026
HuajiHD Credited to HuajiHD
The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and... High Unreviewed
CVE-2026-4100 was published May 2, 2026
The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of... Moderate Unreviewed
CVE-2026-4024 was published May 2, 2026
The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in... Moderate Unreviewed
CVE-2026-4650 was published May 2, 2026
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing... High Unreviewed
CVE-2026-6963 was published May 2, 2026
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for... Moderate Unreviewed
CVE-2026-3143 was published May 1, 2026
Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API High
CVE-2026-42137 was published for getkirby/cms (Composer) Apr 30, 2026
Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets) High
CVE-2026-42461 was published for github.com/getarcaneapp/arcane/backend (Go) Apr 30, 2026
Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items Moderate
CVE-2026-41658 was published for admidio/admidio (Composer) Apr 29, 2026
offset Credited to offset
OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners Moderate
GHSA-c28g-vh7m-fm7v was published for openclaw (npm) Apr 29, 2026
zsxsoft Credited to zsxsoft and KeenSecurityLab KeenSecurityLab KeenSecurityLab
n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay High
CVE-2026-42226 was published for n8n (npm) Apr 29, 2026
ESPanda666 Credited to ESPanda666
n8n Vulnerable to Hijacking of Unauthenticated Chat Execution Moderate
CVE-2026-42228 was published for n8n (npm) Apr 29, 2026
34selen Credited to 34selen
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and... Moderate Unreviewed
CVE-2026-42522 was published Apr 29, 2026
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier... Moderate Unreviewed
CVE-2026-42519 was published Apr 29, 2026
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2026-42642 was published Apr 29, 2026
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg... Moderate Unreviewed
CVE-2026-42648 was published Apr 29, 2026
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data... Moderate Unreviewed
CVE-2026-4019 was published Apr 29, 2026
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2026-42412 was published Apr 29, 2026
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting... High Unreviewed
CVE-2026-42377 was published Apr 29, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database