GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
7,137 advisories
A vulnerability in SenseLive X3050's web management interface allows critical system and network...
High | Unreviewed | CVE-2026-40623 was published Apr 24, 2026

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired...
High | Unreviewed | CVE-2026-41352 was published Apr 24, 2026

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to...
High | Unreviewed | CVE-2026-41349 was published Apr 24, 2026

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
High | CVE-2026-33318 was published for @actual-app/sync-server (npm) Apr 23, 2026

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting...
Moderate | Unreviewed | CVE-2025-62104 was published Apr 23, 2026

The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for...
High | Unreviewed | CVE-2026-5464 was published Apr 23, 2026

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API...
High | Unreviewed | CVE-2026-41454 was published Apr 23, 2026

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all...
Moderate | Unreviewed | CVE-2026-3649 was published Apr 22, 2026

The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress...
Moderate | Unreviewed | CVE-2026-1314 was published Apr 22, 2026

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all...
Moderate | Unreviewed | CVE-2026-3642 was published Apr 22, 2026

The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to...
Moderate | Unreviewed | CVE-2026-4812 was published Apr 22, 2026

RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks
High | CVE-2026-40937 was published for rustfs (Rust) Apr 22, 2026

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate | Unreviewed | CVE-2026-1930 was published Apr 22, 2026

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the ...
Critical | Unreviewed | CVE-2026-6235 was published Apr 22, 2026

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions...
Critical | Unreviewed | CVE-2026-4119 was published Apr 22, 2026

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing...
Moderate | Unreviewed | CVE-2026-4128 was published Apr 22, 2026

The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and...
Moderate | Unreviewed | CVE-2026-4117 was published Apr 22, 2026

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated...
High | Unreviewed | CVE-2026-6834 was published Apr 22, 2026

Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo...
Moderate | Unreviewed | CVE-2026-40730 was published Apr 21, 2026

Neko has a Self-service Privilege Escalation for Authenticated Users
High | CVE-2026-39386 was published for github.com/m1k1o/neko/server (Go) Apr 21, 2026

OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure
Moderate | CVE-2026-40098 was published for openmage/magento-lts (Composer) Apr 21, 2026

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-6703 was published Apr 21, 2026

OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
High | GHSA-82qx-6vj7-p8m2 was published for openclaw (npm) Apr 17, 2026

OpenClaw: Empty approver lists could grant explicit approval authorization
Moderate | GHSA-49cg-279w-m73x was published for openclaw (npm) Apr 17, 2026

OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks
Low | GHSA-gc9r-867r-j85f was published for openclaw (npm) Apr 17, 2026

ProTip! Advisories are also available from the GraphQL API.