GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,931
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,382
Swift: 56

Unreviewed advisories
All unreviewed: 5,000+

7,437 advisories

praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
Critical | CVE-2026-47416 was published for praisonai-platform (pip) | May 29, 2026

praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role
High | CVE-2026-47409 was published for praisonai-platform (pip) | May 29, 2026

PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership
High | CVE-2026-47405 was published for praisonai-platform (pip) | May 29, 2026

PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
High | CVE-2026-48169 was published for praisonai-platform (pip) | May 29, 2026

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
High | CVE-2026-47394 was published for PraisonAI (pip) | May 29, 2026

stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Critical | GHSA-fp6w-8wpg-74g5 was published for stigmem-node (pip) | May 29, 2026

Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
Moderate | CVE-2026-47233 was published for admidio/admidio (Composer) | May 29, 2026

Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
Moderate | CVE-2026-47226 was published for admidio/admidio (Composer) | May 29, 2026

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to...
Moderate | Unreviewed | CVE-2026-49385 was published | May 29, 2026

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
High | Unreviewed | CVE-2026-49367 was published | May 29, 2026

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration...
High | Unreviewed | CVE-2026-49374 was published | May 29, 2026

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
Moderate | Unreviewed | CVE-2026-49378 was published | May 29, 2026

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval...
High | Unreviewed | CVE-2026-35630 was published | May 29, 2026

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device...
High | Unreviewed | CVE-2026-32905 was published | May 29, 2026

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing...
High | Unreviewed | CVE-2018-25391 was published | May 29, 2026

Ironic Standalone Operator's controller modifies user-owned resources without consent
Moderate | GHSA-hfc8-w5f4-3x6m was published for github.com/metal3-io/ironic-standalone-operator (Go) | May 29, 2026

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json...
Critical | Unreviewed | CVE-2026-4290 was published | May 29, 2026

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-12714 was published | May 29, 2026

FUXA provides guest and invalid-token access to protected read APIs in secure mode
Moderate | CVE-2026-47718 was published for fuxa-server (npm) | May 28, 2026

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-8689 was published | May 28, 2026

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for...
Moderate | Unreviewed | CVE-2026-9015 was published | May 28, 2026

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for...
Moderate | Unreviewed | CVE-2026-6937 was published | May 28, 2026

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-8682 was published | May 28, 2026

The Geo Mashup plugin for WordPress is vulnerable to authorization bypass in all versions up to,...
Moderate | Unreviewed | CVE-2026-7552 was published | May 28, 2026

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2026-7621 was published | May 28, 2026