GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
125,275 advisories
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload...
High | Unreviewed | CVE-2026-41937 was published May 14, 2026

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller...
High | Unreviewed | CVE-2026-41935 was published May 14, 2026

Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology...
High | Unreviewed | CVE-2025-15025 was published May 14, 2026

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin...
High | Unreviewed | CVE-2026-6475 was published May 14, 2026

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database...
High | Unreviewed | CVE-2026-4029 was published May 14, 2026

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription...
High | Unreviewed | CVE-2026-6476 was published May 14, 2026

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq...
High | Unreviewed | CVE-2026-6477 was published May 14, 2026

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in...
High | Unreviewed | CVE-2026-4031 was published May 14, 2026

Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and...
High | Unreviewed | CVE-2025-12008 was published May 14, 2026

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary...
High | Unreviewed | CVE-2026-4030 was published May 14, 2026

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to...
High | Unreviewed | CVE-2026-6637 was published May 14, 2026

Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘...
High | Unreviewed | CVE-2026-5798 was published May 14, 2026

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to...
High | Unreviewed | CVE-2026-6473 was published May 14, 2026

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged...
High | Unreviewed | CVE-2025-62628 was published May 14, 2026

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect...
High | Unreviewed | CVE-2026-6479 was published May 14, 2026

FlowiseAI Vulnerable to Credential Data Leak
High | GHSA-7g73-99r4-m4mj was published for flowise (npm) May 14, 2026

FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
High | GHSA-hp26-q66v-q2w7 was published for flowise (npm) May 14, 2026

Flowise has an MCP Security Bypass that Enables RCE
High | GHSA-m99r-2hxc-cp3q was published for flowise (npm) May 14, 2026

FlowiseAI Exposes Basic Auth Credentials via API
High | GHSA-php6-83fg-gw3g was published for flowise (npm) May 14, 2026

FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment
High | CVE-2026-42863 was published for flowise (npm) May 14, 2026

FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
High | CVE-2026-42862 was published for flowise (npm) May 14, 2026

FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment
High | CVE-2026-42861 was published for flowise (npm) May 14, 2026

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
High | CVE-2026-41249 was published for coreshop/core-shop (Composer) May 14, 2026

Fleet server may terminate unexpectedly when handling certain gRPC requests
High | CVE-2026-26062 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026

Fleet Windows MDM Azure AD JWT Authentication Bypass
High | CVE-2026-24899 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
ProTip! Advisories are also available from the GraphQL API.