GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 47
Go: 3,340
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,549
Pub: 12
RubyGems: 1,012
Rust: 1,202
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
6,759 advisories
A Fleet team maintainer can transfer hosts from any team via missing source team authorization
Moderate. CVE-2026-29180 was published for github.com/fleetdm/fleet/v4 (Go) on Mar 27, 2026.

Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
High. CVE-2026-34046 was published for langflow (pip) on Mar 27, 2026.

act: actions/cache server allows malicious cache injection
High. CVE-2026-34042 was published for github.com/nektos/act (Go) on Mar 27, 2026.

Open WebUI has unauthorized deletion of knowledge files
Moderate. CVE-2026-29070 was published for open-webui (pip) on Mar 27, 2026.

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or...
Moderate (Unreviewed). CVE-2026-5022 was published on Mar 27, 2026.

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read...
Moderate (Unreviewed). CVE-2026-5025 was published on Mar 27, 2026.

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get...
Moderate (Unreviewed). CVE-2026-4309 was published on Mar 27, 2026.

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up...
Moderate (Unreviewed). CVE-2026-3098 was published on Mar 27, 2026.

OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement
High. GHSA-3w6x-gv34-mqpf was published for openclaw (npm) on Mar 26, 2026.

Statamic allows unauthorized content access through missing authorization in its revision controllers
Moderate. CVE-2026-33887 was published for statamic/cms (Composer) on Mar 26, 2026.

OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers
High. GHSA-wq58-2pvg-5h4f was published for openclaw (npm) on Mar 26, 2026.

Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
Moderate. CVE-2026-33768 was published for @astrojs/vercel (npm) on Mar 26, 2026.

AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings
Moderate. CVE-2026-33761 was published for wwbn/avideo (Composer) on Mar 26, 2026.

AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents
Moderate. CVE-2026-33759 was published for wwbn/avideo (Composer) on Mar 26, 2026.

Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata
Low. GHSA-44px-qjjc-xrhq was published for craftcms/cms (Composer) on Mar 26, 2026.

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing...
Moderate (Unreviewed). CVE-2026-4281 was published on Mar 26, 2026.

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to...
Moderate (Unreviewed). CVE-2026-4331 was published on Mar 26, 2026.

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up...
Critical (Unreviewed). CVE-2026-4484 was published on Mar 26, 2026.

AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Moderate. CVE-2026-33685 was published for wwbn/avideo (Composer) on Mar 25, 2026.

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting...
Moderate (Unreviewed). CVE-2026-32562 was published on Mar 25, 2026.

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows...
High (Unreviewed). CVE-2026-32546 was published on Mar 25, 2026.

Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect...
Moderate (Unreviewed). CVE-2026-32541 was published on Mar 25, 2026.

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows...
High (Unreviewed). CVE-2026-32495 was published on Mar 25, 2026.

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro...
High (Unreviewed). CVE-2026-32501 was published on Mar 25, 2026.

Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting...
Moderate (Unreviewed). CVE-2026-32514 was published on Mar 25, 2026.
ProTip! Advisories are also available from the GraphQL API.