GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
170 advisories

Keycloak has a Forced Browsing issue
Moderate · CVE-2026-7500 was published for org.keycloak:keycloak-services (Maven) Apr 30, 2026

Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via...
Moderate · Unreviewed · CVE-2024-58343 was published Apr 17, 2026

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an...
Moderate · Unreviewed · CVE-2026-4900 was published Mar 27, 2026

A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0...
Moderate · Unreviewed · CVE-2026-4532 was published Mar 22, 2026

Spring Security HTTP Headers Are not Written Under Some Conditions
Critical · CVE-2026-22732 was published for org.springframework.security:spring-security-web (Maven) Mar 20, 2026

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess...
Moderate · Unreviewed · CVE-2026-32867 was published Mar 19, 2026

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged...
High · Unreviewed · CVE-2025-15587 was published Mar 16, 2026

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
High · Unreviewed · CVE-2026-25679 was published Mar 7, 2026

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some...
Moderate · Unreviewed · CVE-2026-1978 was published Feb 6, 2026

ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This...
Moderate · Unreviewed · CVE-2026-0790 was published Jan 23, 2026

OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware
Critical · CVE-2026-0650 was published for github.com/openflagr/flagr (Go) Jan 7, 2026

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the...
Moderate · Unreviewed · CVE-2025-15153 was published Dec 28, 2025

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to...
Moderate · Unreviewed · CVE-2025-67844 was published Dec 19, 2025

In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view...
High · Unreviewed · CVE-2025-65011 was published Dec 18, 2025

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access...
Moderate · Unreviewed · CVE-2025-26381 was published Dec 17, 2025

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business...
Moderate · Unreviewed · CVE-2025-14697 was published Dec 15, 2025

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6...
Low · Unreviewed · CVE-2025-57823 was published Dec 9, 2025

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5...
Moderate · Unreviewed · CVE-2025-6195 was published Nov 26, 2025

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/...
Moderate · Unreviewed · CVE-2025-11280 was published Oct 5, 2025

Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api...
Moderate · Unreviewed · CVE-2025-59797 was published Sep 22, 2025

A vulnerability has been found in roncoo roncoo-pay up to...
Low · Unreviewed · CVE-2025-10287 was published Sep 12, 2025

AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow...
Moderate · Unreviewed · CVE-2025-31971 was published Aug 28, 2025

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint...
Moderate · Unreviewed · CVE-2025-53073 was published Jun 26, 2025

Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If...
Moderate · Unreviewed · CVE-2025-41404 was published Jun 26, 2025

Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within...
Moderate · Unreviewed · CVE-2025-52920 was published Jun 23, 2025