GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
4,703 advisories
Filter by severity
Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
Moderate
GHSA-382c-vx95-w3p5
was published
for
@jsonbored/gittensory-mcp
(npm)
Jul 9, 2026
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to...
High
Unreviewed
CVE-2026-58525
was published
Jul 8, 2026
Capgo before 12.128.2 contains a policy bypass vulnerability in app_versions update enforcement...
Moderate
Unreviewed
CVE-2026-56217
was published
Jul 8, 2026
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org...
Low
Unreviewed
CVE-2026-28378
was published
Jul 8, 2026
An improper access check allows unauthorized users to access workflow stage and transition...
Moderate
Unreviewed
CVE-2026-48955
was published
Jul 7, 2026
An improper access check allows unauthorized users to create custom fields via webservices...
Moderate
Unreviewed
CVE-2026-48958
was published
Jul 7, 2026
An improper access check allows users to display a list of modules in the frontend.
Moderate
Unreviewed
CVE-2026-48956
was published
Jul 7, 2026
An improper access check allows unauthorized users to access com_privacy datasets.
Moderate
Unreviewed
CVE-2026-48957
was published
Jul 7, 2026
An improper access check allows privileged users to overwrite media files without editing...
Moderate
Unreviewed
CVE-2026-48947
was published
Jul 7, 2026
An improper access check allows user to download vcard exports of com_contact contacts that are...
Moderate
Unreviewed
CVE-2026-48948
was published
Jul 7, 2026
Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)
High
GHSA-7jvp-hj45-2f2m
was published
for
Scriban
(NuGet)
Jul 6, 2026
Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded...
Critical
Unreviewed
CVE-2026-24014
was published
Jul 6, 2026
A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1...
Low
Unreviewed
CVE-2026-14777
was published
Jul 6, 2026
A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1...
Low
Unreviewed
CVE-2026-14775
was published
Jul 6, 2026
A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management...
Low
Unreviewed
CVE-2026-14776
was published
Jul 6, 2026
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in...
High
Unreviewed
CVE-2026-9085
was published
Jul 5, 2026
A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an...
Moderate
Unreviewed
CVE-2026-14736
was published
Jul 5, 2026
A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and...
Low
Unreviewed
CVE-2026-14698
was published
Jul 5, 2026
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the...
High
Unreviewed
CVE-2025-71380
was published
Jul 4, 2026
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a...
Moderate
Unreviewed
CVE-2026-58523
was published
Jul 4, 2026
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to...
High
Unreviewed
CVE-2026-58286
was published
Jul 3, 2026
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to...
High
Unreviewed
CVE-2026-58282
was published
Jul 3, 2026
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting...
High
Unreviewed
CVE-2026-27779
was published
Jul 3, 2026
Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull...
High
Unreviewed
CVE-2026-24690
was published
Jul 3, 2026
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs...
High
Unreviewed
CVE-2026-25712
was published
Jul 3, 2026
ProTip!
Advisories are also available from the
GraphQL API