Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

13,508 advisories

Loading
@tootallnate/once vulnerable to Incorrect Control Flow Scoping Low
CVE-2026-3449 was published for @tootallnate/once (npm) Mar 3, 2026
Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged... Low Unreviewed
CVE-2026-20757 was published Mar 3, 2026
OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read Low
GHSA-5ghc-98wh-gwwf was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains Low
GHSA-5f9p-f3w2-fwch was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage Low
GHSA-wm8r-w8pf-2v6w was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
NocoDB has Plaintext Storage of Shared View Passwords Low
CVE-2026-28360 was published for nocodb (npm) Mar 2, 2026
Tulgaaaaaaaa Credited to Tulgaaaaaaaa
NocoDB Vulnerable to User Enumeration via Password Reset Endpoint Low
CVE-2026-28358 was published for nocodb (npm) Mar 2, 2026
Tulgaaaaaaaa Credited to Tulgaaaaaaaa
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a... Low Unreviewed
CVE-2026-0995 was published Mar 2, 2026
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the... Low Unreviewed
CVE-2026-3404 was published Mar 2, 2026
A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an... Low Unreviewed
CVE-2026-3405 was published Mar 2, 2026
A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0... Low Unreviewed
CVE-2026-3401 was published Mar 2, 2026
hex_core has Unsafe Deserialization of Erlang Terms Low
CVE-2026-21619 was published for hex_core (Erlang) Mar 1, 2026
realcorvus Credited to realcorvus and maennchen maennchen maennchen
Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret Low
CVE-2026-27167 was published for gradio (pip) Mar 1, 2026
tenbbughunters Credited to tenbbughunters
SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only) Low
GHSA-fpg4-jhqr-589c was published for @sveltejs/kit (npm) Feb 28, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github and jviide jviide jviide
ZITADEL has potential SSRF via Actions Low
CVE-2026-27945 was published for github.com/zitadel/zitadel/v2 (Go) Feb 27, 2026
IAM-marco Credited to IAM-marco and livio-a livio-a livio-a
Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an... Low Unreviewed
CVE-2026-22717 was published Feb 27, 2026
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass Low
CVE-2025-12150 was published for org.keycloak:keycloak-services (Maven) Feb 27, 2026
Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner Low
CVE-2026-3293 was published for net.snowflake:snowflake-jdbc (Maven) Feb 27, 2026
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling... Low Unreviewed
CVE-2026-22877 was published Feb 27, 2026
A vulnerability has been found in libvips 8.19.0. This issue affects the function... Low Unreviewed
CVE-2026-3283 was published Feb 27, 2026
A flaw has been found in libvips 8.19.0. This vulnerability affects the function... Low Unreviewed
CVE-2026-3282 was published Feb 27, 2026
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the... Low Unreviewed
CVE-2026-3285 was published Feb 27, 2026
PSI Probe: Broken access control can lead to DoS Low
CVE-2026-3269 was published for com.github.psi-probe:psi-probe-core (Maven) Feb 27, 2026
PSI Probe vulnerable to Server-Side Request Forgery Low
CVE-2026-3270 was published for com.github.psi-probe:psi-probe-core (Maven) Feb 27, 2026
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder Low
CVE-2026-27942 was published for fast-xml-parser (npm) Feb 26, 2026
julianladisch Credited to julianladisch
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database