Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

13,507 advisories

Loading
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to... Low Unreviewed
CVE-2025-40895 was published Mar 4, 2026
Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1,... Low Unreviewed
CVE-2026-21422 was published Mar 4, 2026
Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF) Low
CVE-2026-2994 was published for concrete5/concrete5 (Composer) Mar 4, 2026
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode Low
GHSA-8mf7-vv8w-hjr2 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback Low
GHSA-v6x2-2qvm-6gv8 was published for openclaw (npm) Mar 3, 2026
OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity Low
GHSA-gcj7-r3hg-m7w6 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model Low
GHSA-7qf6-h84j-8fq4 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw's runtime /debug override path accepted prototype-reserved keys Low
GHSA-62f6-mrcj-v8h5 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions Low
GHSA-vvgp-4c28-m3jm was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in ... Low Unreviewed
CVE-2026-26891 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy... Low Unreviewed
CVE-2026-26887 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy... Low Unreviewed
CVE-2026-26889 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy... Low Unreviewed
CVE-2026-26888 was published Mar 3, 2026
Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options Low
GHSA-4mgv-366x-qxvx was published for craftcms/cms (Composer) Mar 3, 2026
mHe4am Credited to mHe4am
aws-kms-tls-auth vulnerable to memory overallocation Low
GHSA-5whh-4q9j-7v28 was published for aws-kms-tls-auth (Rust) Mar 3, 2026
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a... Low Unreviewed
CVE-2023-31044 was published Mar 3, 2026
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in... Low Unreviewed
CVE-2026-26884 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy... Low Unreviewed
CVE-2026-26890 was published Mar 3, 2026
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in... Low Unreviewed
CVE-2026-26883 was published Mar 3, 2026
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in... Low Unreviewed
CVE-2026-26885 was published Mar 3, 2026
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in... Low Unreviewed
CVE-2026-26886 was published Mar 3, 2026
A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this... Low Unreviewed
CVE-2026-3465 was published Mar 3, 2026
Django has a Race Condition vulnerability Low
CVE-2026-25674 was published for Django (pip) Mar 3, 2026
mailparser vulnerable to Cross-site Scripting Low
CVE-2026-3455 was published for mailparser (npm) Mar 3, 2026
@tootallnate/once vulnerable to Incorrect Control Flow Scoping Low
CVE-2026-3449 was published for @tootallnate/once (npm) Mar 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database