GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,192 advisories
OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata
Moderate: GHSA-7jx5-9fjg-hp4m was published for openclaw (npm), Feb 27, 2026

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
High: CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet), Feb 27, 2026

The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference ...
Moderate, Unreviewed: CVE-2026-1558 was published Feb 27, 2026

wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
Moderate: CVE-2026-27839 was published for wger (pip), Feb 26, 2026

wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
Low: CVE-2026-27838 was published for wger (pip), Feb 26, 2026

wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data
Moderate: CVE-2026-27835 was published for wger (pip), Feb 26, 2026

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown...
Moderate, Unreviewed: CVE-2026-3185 was published Feb 25, 2026

The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a...
Moderate, Unreviewed: CVE-2025-14742 was published Feb 25, 2026

An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited,...
Critical, Unreviewed: CVE-2025-40541 was published Feb 24, 2026

An improper access control vulnerability exists where an authenticated user could access areas...
Moderate, Unreviewed: CVE-2026-2698 was published Feb 23, 2026

An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to...
Moderate, Unreviewed: CVE-2026-2697 was published Feb 23, 2026

Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After...
Moderate, Unreviewed: CVE-2026-2997 was published Feb 23, 2026

Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy...
High, Unreviewed: CVE-2026-24950 was published Feb 20, 2026

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the...
Moderate, Unreviewed: CVE-2025-15582 was published Feb 20, 2026

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet...
High, Unreviewed: CVE-2026-22383 was published Feb 20, 2026

Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows...
High, Unreviewed: CVE-2025-69394 was published Feb 20, 2026

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member...
Moderate, Unreviewed: CVE-2025-68514 was published Feb 20, 2026

Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket...
High, Unreviewed: CVE-2025-68051 was published Feb 20, 2026

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is...
Moderate, Unreviewed: CVE-2026-1219 was published Feb 19, 2026

Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And...
Moderate, Unreviewed: CVE-2026-25324 was published Feb 19, 2026

Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager...
Moderate, Unreviewed: CVE-2026-25005 was published Feb 19, 2026

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user...
Moderate, Unreviewed: CVE-2025-13842 was published Feb 19, 2026

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and...
High, Unreviewed: CVE-2025-9062 was published Feb 19, 2026

The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure...
Moderate, Unreviewed: CVE-2025-70063 was published Feb 18, 2026

The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Moderate, Unreviewed: CVE-2026-2230 was published Feb 18, 2026

ProTip! Advisories are also available from the GraphQL API