Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
47
Go
3,295
Maven
5,000+
npm
5,000+
NuGet
876
pip
4,524
Pub
12
RubyGems
1,008
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,024 advisories

Loading
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is... Moderate Unreviewed
CVE-2026-2375 was published Mar 21, 2026
StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts Moderate
CVE-2026-32106 was published for studiocms (npm) Mar 12, 2026
restriction Credited to restriction and Adammatthiesen Adammatthiesen Adammatthiesen
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC... Moderate Unreviewed
CVE-2026-2640 was published Mar 11, 2026
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege... Moderate Unreviewed
CVE-2026-24510 was published Mar 11, 2026
A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC)... Moderate Unreviewed
CVE-2026-20044 was published Mar 4, 2026
OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows Moderate
GHSA-2hm8-rqrm-xfjq was published for openclaw (npm) Mar 3, 2026
Adam55A-code Credited to Adam55A-code
OpenClaw: Discord voice transcript owner-flag omission could expose owner-only tools in mixed-trust channels Moderate
CVE-2026-32035 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns Moderate
GHSA-p7gr-f84w-hqg5 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
n8n has an SSO Enforcement Bypass in its Self-Service Settings API Moderate
GHSA-vjf3-2gpj-233v was published for n8n (npm) Feb 26, 2026
stanislavfortaisle Credited to stanislavfortaisle
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with... Moderate Unreviewed
CVE-2026-22721 was published Feb 25, 2026
A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the... Moderate Unreviewed
CVE-2026-2563 was published Feb 16, 2026
A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts... Moderate Unreviewed
CVE-2026-2562 was published Feb 16, 2026
A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the... Moderate Unreviewed
CVE-2026-2561 was published Feb 16, 2026
Child processes spawned by Renovate incorrectly have full access to environment variables Moderate
GHSA-8wc6-vgrq-x6cf was published for renovate (npm) Feb 13, 2026
viceice Credited to viceice
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2025-46310 was published Feb 12, 2026
Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access... Moderate Unreviewed
CVE-2025-6723 was published Jan 30, 2026
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be... Moderate Unreviewed
CVE-2025-13918 was published Jan 28, 2026
Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims Moderate
CVE-2026-23990 was published for github.com/controlplaneio-fluxcd/flux-operator (Go) Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Moderate Unreviewed
CVE-2026-21981 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Moderate Unreviewed
CVE-2026-21963 was published Jan 21, 2026
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates... Moderate Unreviewed
CVE-2026-21223 was published Jan 17, 2026
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products.... Moderate Unreviewed
CVE-2025-66315 was published Jan 9, 2026
RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting Moderate
CVE-2026-22043 was published for rustfs (Rust) Jan 8, 2026
Threonine Credited to Threonine
Apache StreamPipes has Improper Privilege Management issue Moderate
CVE-2025-47411 was published for org.apache.streampipes:streampipes-parent (Maven) Jan 1, 2026
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control... Moderate Unreviewed
CVE-2025-52599 was published Dec 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database