Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata Low
GHSA-44px-qjjc-xrhq was published for craftcms/cms (Composer) Mar 26, 2026
GCXWLP Credited to GCXWLP
Craft CMS' anonymous "assets/image-editor" calls return private asset editor metadata to unauthorized users Low
CVE-2026-33161 was published for craftcms/cms (Composer) Mar 24, 2026
Susen2 Credited to Susen2
Craft CMS may expose private assets through anonymous "generate transform" calls via transform URL Low
CVE-2026-33160 was published for craftcms/cms (Composer) Mar 24, 2026
GCXWLP Credited to GCXWLP
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows... Low Unreviewed
CVE-2026-32445 was published Mar 13, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8... Low Unreviewed
CVE-2025-12704 was published Mar 11, 2026
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated... Low Unreviewed
CVE-2026-24310 was published Mar 10, 2026
OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows Low
CVE-2026-27484 was published for openclaw (npm) Feb 20, 2026
aether-ai-agent Credited to aether-ai-agent
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook... Low Unreviewed
CVE-2026-25423 was published Feb 19, 2026
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions... Low Unreviewed
CVE-2025-14270 was published Feb 19, 2026
The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized... Low Unreviewed
CVE-2026-1831 was published Feb 18, 2026
Mattermost fails to enforce invite permissions when updating team settings Low
CVE-2025-14573 was published for github.com/mattermost/mattermost-server (Go) Feb 16, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18... Low Unreviewed
CVE-2025-14592 was published Feb 11, 2026
Tanium addressed an improper access controls vulnerability in Interact. Low Unreviewed
CVE-2025-15289 was published Feb 5, 2026
A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8... Low Unreviewed
CVE-2026-1751 was published Feb 2, 2026
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to... Low Unreviewed
CVE-2025-14457 was published Jan 15, 2026
Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows... Low Unreviewed
CVE-2025-69015 was published Dec 30, 2025
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc... Low Unreviewed
CVE-2025-54004 was published Dec 16, 2025
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to... Low Unreviewed
CVE-2025-9218 was published Dec 13, 2025
The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Low Unreviewed
CVE-2025-10583 was published Dec 12, 2025
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE Low
CVE-2025-67737 was published for azuracast/azuracast (Composer) Dec 11, 2025
Cillian-Collins Credited to Cillian-Collins
A user with access to the cluster with a limited set of privilege actions may be able to... Low Unreviewed
CVE-2025-13643 was published Nov 25, 2025
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve... Low Unreviewed
CVE-2025-12817 was published Nov 13, 2025
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via... Low Unreviewed
CVE-2025-64681 was published Nov 10, 2025
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential... Low Unreviewed
CVE-2025-64352 was published Oct 31, 2025
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows... Low Unreviewed
CVE-2025-64350 was published Oct 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database