GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,193
Erlang: 25
GitHub Actions: 39
Go: 2,385
Maven: 3,027
npm: 3,078
NuGet: 529
pip: 2,897
Pub: 5
RubyGems: 442
Rust: 905
Swift: 20
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
14,276 advisories
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
Critical, Unreviewed. CVE-2026-3844 was published Apr 23, 2026.

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation...
Critical, Unreviewed. CVE-2026-34415 was published Apr 22, 2026.

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known...
Critical, Unreviewed. CVE-2026-41468 was published Apr 22, 2026.

The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all...
Critical, Unreviewed. CVE-2026-3461 was published Apr 22, 2026.

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type...
Critical, Unreviewed. CVE-2026-1555 was published Apr 22, 2026.

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain...
Critical, Unreviewed. CVE-2018-25272 was published Apr 22, 2026.

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated...
Critical, Unreviewed. CVE-2018-25270 was published Apr 22, 2026.

A vulnerability in the web application allows standard users to escalate their privileges to...
Critical, Unreviewed. CVE-2026-6356 was published Apr 22, 2026.

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions...
Critical, Unreviewed. CVE-2026-4119 was published Apr 22, 2026.

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the ...
Critical, Unreviewed. CVE-2026-6235 was published Apr 22, 2026.

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical, Unreviewed. CVE-2026-34287 was published Apr 21, 2026.

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on...
Critical, Unreviewed. CVE-2026-33519 was published Apr 21, 2026.

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows...
Critical, Unreviewed. CVE-2026-33518 was published Apr 21, 2026.

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager...
Critical, Unreviewed. CVE-2026-34279 was published Apr 21, 2026.

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical, Unreviewed. CVE-2026-34285 was published Apr 21, 2026.

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite ...
Critical, Unreviewed. CVE-2026-34275 was published Apr 21, 2026.

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Critical, Unreviewed. CVE-2026-34286 was published Apr 21, 2026.

An insecure direct object reference vulnerability in the Users API component of Crafty Controller...
Critical, Unreviewed. CVE-2026-5652 was published Apr 21, 2026.

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon...
Critical, Unreviewed. CVE-2019-25714 was published Apr 21, 2026.

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an...
Critical, Unreviewed. CVE-2025-41029 was published Apr 21, 2026.

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net:...
Critical, Unreviewed. CVE-2025-15638 was published Apr 21, 2026.

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored...
Critical, Unreviewed. CVE-2017-20230 was published Apr 21, 2026.

CrowdStrike has released security updates to address a critical unauthenticated path traversal...
Critical, Unreviewed. CVE-2026-40050 was published Apr 21, 2026.

This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0...
Critical, Unreviewed. CVE-2026-21571 was published Apr 21, 2026.

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the...
Critical, Unreviewed. CVE-2026-38835 was published Apr 21, 2026.
ProTip! Advisories are also available from the GraphQL API.