GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,789 advisories
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to...
Critical | Unreviewed | CVE-2025-70985 was published Jan 23, 2026
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with...
Critical | Unreviewed | CVE-2025-70983 was published Jan 23, 2026
Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers...
High | Unreviewed | CVE-2025-70986 was published Jan 23, 2026
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)
Moderate | CVE-2026-24420 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to...
High | Unreviewed | CVE-2025-69908 was published Jan 23, 2026
An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing...
High | Unreviewed | CVE-2025-69907 was published Jan 23, 2026
Improper access control in Azure Resource Manager allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24304 was published Jan 23, 2026
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24306 was published Jan 23, 2026
Gitea does not properly validate ownership when toggling OpenID URI visibility
Moderate | CVE-2026-20904 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly validate repository ownership when linking attachments to releases
Moderate | CVE-2026-20912 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea may send release notification emails for private repositories to users whose access has been revoked
Low | CVE-2026-0798 was published for code.gitea.io/gitea (Go) Jan 23, 2026
Gitea does not properly validate project ownership in organization project operations
Moderate | CVE-2026-20750 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface
Moderate | CVE-2026-20888 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea improperly exposes issue titles and repository names through previously started stopwatches
Low | CVE-2026-20883 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly validate repository ownership when deleting Git LFS locks
Moderate | CVE-2026-20897 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea has improper access control for uploaded attachments
Low | CVE-2026-20736 was published for code.gitea.io/gitea (Go) Jan 23, 2026
Keycloak Admin REST API exposes backend schema and rules
Low | CVE-2025-14083 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle...
Critical | Unreviewed | CVE-2026-21962 was published Jan 21, 2026
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow...
Moderate | Unreviewed | CVE-2026-21959 was published Jan 21, 2026
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java...
Moderate | Unreviewed | CVE-2026-21960 was published Jan 21, 2026
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft ...
Moderate | Unreviewed | CVE-2026-21961 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2026-21982 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2026-21984 was published Jan 21, 2026
A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass...
Moderate | Unreviewed | CVE-2026-21636 was published Jan 20, 2026
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
Low | CVE-2026-23522 was published for @lobehub/chat (npm) Jan 20, 2026