GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
4,408 advisories
Filter by severity
Kimai: Pre-2FA KIMAI_SESSION cookie grants full authenticated REST API access, bypassing TOTP
High
CVE-2026-52827
was published
for
kimai/kimai
(Composer)
Jul 14, 2026
FacturaScripts: Account takeover of any 2FA-enabled user
Critical
CVE-2026-47677
was published
for
facturascripts/facturascripts
(Composer)
Jul 13, 2026
Apollo ConfigService access key authentication bypass via raw config file appId parsing
High
CVE-2026-59955
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Jul 13, 2026
Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching
High
CVE-2026-59954
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Jul 13, 2026
Decidim: JWT-backed authentication can be replayed across organizations
High
CVE-2026-45414
was published
for
decidim
(RubyGems)
Jul 13, 2026
The charging station does not require authentication for Bluetooth commands to perform actions....
High
Unreviewed
CVE-2026-22099
was published
Jul 13, 2026
A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is...
Moderate
Unreviewed
CVE-2026-15557
was published
Jul 13, 2026
A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function...
Moderate
Unreviewed
CVE-2026-15542
was published
Jul 13, 2026
A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to...
Moderate
Unreviewed
CVE-2026-15491
was published
Jul 12, 2026
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.
Moderate
Unreviewed
CVE-2026-15087
was published
Jul 11, 2026
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest...
Critical
Unreviewed
CVE-2026-15089
was published
Jul 11, 2026
TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation
Critical
GHSA-g936-7jqj-mwv8
was published
for
github.com/almeidapaulopt/tsdproxy
(Go)
Jul 10, 2026
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Critical
Unreviewed
CVE-2026-12761
was published
Jul 10, 2026
File Browser: Authentication Bypass via Proxy Auth Header Forgery
Critical
CVE-2026-54089
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Jul 10, 2026
Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation...
Moderate
Unreviewed
CVE-2026-56312
was published
Jul 10, 2026
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified...
High
Unreviewed
CVE-2026-12595
was published
Jul 10, 2026
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub...
High
Unreviewed
CVE-2026-12597
was published
Jul 10, 2026
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to...
High
Unreviewed
CVE-2026-12598
was published
Jul 10, 2026
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function...
Moderate
Unreviewed
CVE-2026-15192
was published
Jul 9, 2026
An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through...
Critical
Unreviewed
CVE-2026-9695
was published
Jul 8, 2026
Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication...
Critical
Unreviewed
CVE-2026-37271
was published
Jul 8, 2026
Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability...
Critical
Unreviewed
CVE-2026-37270
was published
Jul 8, 2026
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
Moderate
GHSA-f66q-9rf6-8795
was published
for
Flask-Security-Too
(pip)
Jul 7, 2026
Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email
High
CVE-2026-53516
was published
for
better-auth
(npm)
Jul 7, 2026
Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin
High
CVE-2026-53514
was published
for
better-auth
(npm)
Jul 7, 2026
ProTip!
Advisories are also available from the
GraphQL API