GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
475 advisories
wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2026-22199 was published Mar 13, 2026
Shopware vulnerable to a potential take over of app credentials
High | CVE-2026-31889 was published for shopware/core (Composer) Mar 11, 2026
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the...
High | Unreviewed | CVE-2025-67298 was published Mar 11, 2026
In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA...
Moderate | Unreviewed | CVE-2026-32229 was published Mar 11, 2026
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3,...
Moderate | Unreviewed | CVE-2025-48840 was published Mar 10, 2026
OpenClaw Loopback CDP probe can leak Gateway token to local listener
Moderate | GHSA-v3j7-34xh-6g3w was published for openclaw (npm) Mar 3, 2026
OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes
Moderate | GHSA-hff7-ccv5-52f8 was published for openclaw (npm) Mar 3, 2026
OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy
High | GHSA-r65x-2hqr-j5hf was published for openclaw (npm) Mar 3, 2026
n8n has Webhook Forgery on Zendesk Trigger Node
Moderate | GHSA-38c7-23hj-2wgq was published for n8n (npm) Feb 26, 2026
n8n: Webhook Forgery on Github Webhook Trigger
Moderate | GHSA-mqpr-49jj-32rc was published for n8n (npm) Feb 26, 2026
Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
High | CVE-2026-27700 was published for hono (npm) Feb 25, 2026
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects...
Critical | Unreviewed | CVE-2026-2800 was published Feb 24, 2026
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider ...
High | Unreviewed | CVE-2024-1524 was published Feb 24, 2026
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to...
Critical | Unreviewed | CVE-2025-71056 was published Feb 23, 2026
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order...
High | Unreviewed | CVE-2025-69401 was published Feb 20, 2026
OpenClaw Telegram allowlist authorization accepted mutable usernames
Moderate | CVE-2026-28480 was published for clawdbot (npm) Feb 18, 2026
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
Low | GHSA-chm2-m3w2-wcxm was published for clawdbot (npm) Feb 17, 2026
Nextcloud Talk allowlist bypass via actor.name display name spoofing
Critical | CVE-2026-28474 was published for @openclaw/nextcloud-talk (npm) Feb 17, 2026
OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching
Moderate | CVE-2026-28471 was published for openclaw (npm) Feb 17, 2026
OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations
High | CVE-2026-28465 was published for @clawdbot/voice-call (npm) Feb 17, 2026
Malicious scripts that interrupt new tab page loading could cause desynchronization between the...
Moderate | Unreviewed | CVE-2026-2032 was published Feb 16, 2026
FUXA Unauthenticated Remote Code Execution in Node-RED Integration
Critical | CVE-2026-25938 was published for fuxa-server (npm) Feb 10, 2026
RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers
High | CVE-2026-21862 was published for rustfs (Rust) Feb 3, 2026
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers...
Moderate | Unreviewed | CVE-2020-37056 was published Jan 31, 2026
Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows...
Moderate | Unreviewed | CVE-2026-0834 was published Jan 21, 2026
ProTip! Advisories are also available from the GraphQL API.