Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,461 advisories

Loading
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check High
CVE-2026-34046 was published for langflow (pip) Mar 27, 2026
chximn-dt Credited to chximn-dt and AntonioABLima AntonioABLima AntonioABLima
act: actions/cache server allows malicious cache injection High
CVE-2026-34042 was published for github.com/nektos/act (Go) Mar 27, 2026
programmerjake Credited to programmerjake
OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement High
GHSA-3w6x-gv34-mqpf was published for openclaw (npm) Mar 26, 2026
tdjackey Credited to tdjackey
OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers High
GHSA-wq58-2pvg-5h4f was published for openclaw (npm) Mar 26, 2026
smaeljaish771 Credited to smaeljaish771
Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows... High Unreviewed
CVE-2026-32546 was published Mar 25, 2026
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows... High Unreviewed
CVE-2026-32495 was published Mar 25, 2026
Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro... High Unreviewed
CVE-2026-32501 was published Mar 25, 2026
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting... High Unreviewed
CVE-2026-32515 was published Mar 25, 2026
Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce... High Unreviewed
CVE-2026-31921 was published Mar 25, 2026
Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export... High Unreviewed
CVE-2026-32441 was published Mar 25, 2026
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting... High Unreviewed
CVE-2026-32485 was published Mar 25, 2026
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form... High Unreviewed
CVE-2026-32498 was published Mar 25, 2026
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting... High Unreviewed
CVE-2026-25401 was published Mar 25, 2026
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce... High Unreviewed
CVE-2026-25396 was published Mar 25, 2026
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with... High Unreviewed
CVE-2026-25456 was published Mar 25, 2026
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors... High Unreviewed
CVE-2026-25309 was published Mar 25, 2026
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for... High Unreviewed
CVE-2026-25317 was published Mar 25, 2026
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly... High Unreviewed
CVE-2026-25026 was published Mar 25, 2026
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings... High Unreviewed
CVE-2026-23806 was published Mar 25, 2026
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce... High Unreviewed
CVE-2026-23977 was published Mar 25, 2026
Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder... High Unreviewed
CVE-2026-24363 was published Mar 25, 2026
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly... High Unreviewed
CVE-2026-24369 was published Mar 25, 2026
Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting... High Unreviewed
CVE-2026-24382 was published Mar 25, 2026
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management... High Unreviewed
CVE-2025-69358 was published Mar 25, 2026
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to... High Unreviewed
CVE-2026-4261 was published Mar 21, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database