GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,049
Maven: 5,000+
npm: 4,787
NuGet: 825
pip: 4,384
Pub: 12
RubyGems: 988
Rust: 1,144
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
3,018 advisories
Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Moderate | CVE-2026-24748 was published for github.com/akuity/kargo (Go) | Jan 27, 2026

VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote...
High | Unreviewed | CVE-2020-36948 was published | Jan 27, 2026

The dashboard permissions API does not verify the target dashboard scope and only checks the...
High | Unreviewed | CVE-2026-21721 was published | Jan 27, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an...
High | Unreviewed | CVE-2026-24428 was published | Jan 26, 2026

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC,...
Critical | Unreviewed | CVE-2025-66719 was published | Jan 23, 2026

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all...
High | Unreviewed | CVE-2025-14866 was published | Jan 23, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18...
High | Unreviewed | CVE-2025-13928 was published | Jan 22, 2026

Keycloak services allows the issuance of access and refresh tokens for disabled users
Moderate | CVE-2025-14559 was published for org.keycloak:keycloak-services (Maven) | Jan 21, 2026

Fleet has an Access Control vulnerability in debug/pprof endpoints
High | CVE-2026-23517 was published for github.com/fleetdm/fleet (Go) | Jan 20, 2026

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
Critical | CVE-2026-22822 was published for github.com/external-secrets/external-secrets (Go) | Jan 20, 2026

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows...
High | Unreviewed | CVE-2026-1007 was published | Jan 19, 2026

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over...
High | Unreviewed | CVE-2026-20960 was published | Jan 17, 2026

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a...
Moderate | Unreviewed | CVE-2025-43904 was published | Jan 16, 2026

Certain system functions may be accessed without proper authorization, allowing attackers to...
High | Unreviewed | CVE-2026-22909 was published | Jan 15, 2026

A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated...
High | Unreviewed | CVE-2026-0713 was published | Jan 15, 2026

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0...
High | Unreviewed | CVE-2025-66005 was published | Jan 14, 2026

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data...
Moderate | Unreviewed | CVE-2025-15513 was published | Jan 14, 2026

Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization...
High | Unreviewed | CVE-2026-21274 was published | Jan 13, 2026

TYPO3 CMS Allows Broken Access Control in Edit Document Controller
Moderate | CVE-2025-59020 was published for typo3/cms-backend (Composer) | Jan 13, 2026

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in...
Moderate | Unreviewed | CVE-2026-0684 was published | Jan 13, 2026

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated...
High | Unreviewed | CVE-2025-41078 was published | Jan 12, 2026

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to,...
Moderate | Unreviewed | CVE-2026-0831 was published | Jan 10, 2026

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14943 was published | Jan 10, 2026

On October 1, 2025, Palantir discovered that images uploaded through the Dossier...
Low | Unreviewed | CVE-2025-62487 was published | Jan 10, 2026

The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-13753 was published | Jan 9, 2026

ProTip! Advisories are also available from the GraphQL API.