GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,981 advisories
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC...
Moderate, Unreviewed. CVE-2026-2640 was published Mar 11, 2026

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege...
Moderate, Unreviewed. CVE-2026-24510 was published Mar 11, 2026

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user...
High, Unreviewed. CVE-2026-30902 was published Mar 11, 2026

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks
High. CVE-2026-31834 was published for Umbraco.Cms (NuGet) Mar 11, 2026

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper...
High, Unreviewed. CVE-2026-1993 was published Mar 11, 2026

The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST...
Critical, Unreviewed. CVE-2026-2631 was published Mar 11, 2026

RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
Critical. CVE-2026-30960 was published for rssn (Rust) Mar 10, 2026

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of...
High, Unreviewed. CVE-2025-15576 was published Mar 9, 2026

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow...
High, Unreviewed. CVE-2025-15547 was published Mar 9, 2026

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to...
High, Unreviewed. CVE-2025-8899 was published Mar 7, 2026

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc...
Critical, Unreviewed. CVE-2025-29165 was published Mar 5, 2026

An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0...
High, Unreviewed. CVE-2026-26416 was published Mar 5, 2026

Vulnerability of improper verification in the email application. Impact: Successful exploitation...
High, Unreviewed. CVE-2026-28548 was published Mar 5, 2026

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor...
Critical, Unreviewed. CVE-2026-29127 was published Mar 5, 2026

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore...
High, Unreviewed. CVE-2026-29124 was published Mar 5, 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility...
High, Unreviewed. CVE-2026-29122 was published Mar 5, 2026

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC)...
High, Unreviewed. CVE-2026-29123 was published Mar 5, 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility...
High, Unreviewed. CVE-2026-29121 was published Mar 5, 2026

Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
High. CVE-2026-27803 was published for vaultwarden (Rust) Mar 4, 2026

Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
High. CVE-2026-27802 was published for vaultwarden (Rust) Mar 4, 2026

A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC)...
Moderate, Unreviewed. CVE-2026-20044 was published Mar 4, 2026

OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows
Moderate. GHSA-2hm8-rqrm-xfjq was published for openclaw (npm) Mar 3, 2026

OpenClaw: Discord voice transcript owner-flag omission could expose owner-only tools in mixed-trust channels
Moderate. GHSA-wpg9-4g4v-f9rc was published for openclaw (npm) Mar 3, 2026

OpenClaw: Sandboxed sessions_spawn(runtime="acp") bypassed sandbox inheritance and allowed host ACP initialization
High. GHSA-474h-prjg-mmw3 was published for openclaw (npm) Mar 3, 2026

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman...
High, Unreviewed. CVE-2025-63909 was published Mar 3, 2026

ProTip! Advisories are also available from the GraphQL API.