GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 43
Go: 3,153
Maven: 5,000+
npm: 5,000+
NuGet: 861
pip: 4,451
Pub: 12
RubyGems: 991
Rust: 1,179
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
1,621 advisories
The Honeywell IQ4x building management controller, exposes its full web-based HMI without...
Critical | Unreviewed | CVE-2026-3611 was published | Mar 12, 2026

ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation
Moderate | GHSA-4cm8-xpfv-jv6f was published for zeptoclaw (Rust) | Mar 12, 2026

ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data
High | CVE-2026-32231 was published for zeptoclaw (Rust) | Mar 12, 2026

Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape...
High | Unreviewed | CVE-2019-25483 was published | Mar 11, 2026

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software...
High | Unreviewed | CVE-2026-2339 was published | Mar 10, 2026

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized...
High | Unreviewed | CVE-2026-23662 was published | Mar 10, 2026

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-1919 was published | Mar 10, 2026

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-1920 was published | Mar 10, 2026

Linkdave Missing Authentication on REST and WebSocket endpoints
Critical | GHSA-xv8g-fj9h-6gmv was published for github.com/shi-gg/linkdave (Go) | Mar 10, 2026

FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info
High | CVE-2026-30933 was published for github.com/gtsteffaniak/filebrowser/backend (Go) | Mar 9, 2026

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing...
High | Unreviewed | CVE-2026-25071 was published | Mar 7, 2026

AVideo has Unauthenticated IDOR - Playlist Information Disclosure
Moderate | CVE-2026-30885 was published for wwbn/avideo (Composer) | Mar 7, 2026

Flowise Missing Authentication on NVIDIA NIM Endpoints
High | CVE-2026-30824 was published for flowise (npm) | Mar 6, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-26288 was published | Mar 6, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-26051 was published | Mar 6, 2026

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication...
High | Unreviewed | CVE-2026-2754 was published | Mar 6, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-22552 was published | Mar 6, 2026

Payment Orchestrator Service Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2026-26125 was published | Mar 6, 2026

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk...
High | Unreviewed | CVE-2026-30784 was published | Mar 5, 2026

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
Critical | CVE-2026-27944 was published for github.com/0xJacky/Nginx-UI (Go) | Mar 5, 2026

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for...
Unknown | Unreviewed | CVE-2026-23767 was published | Mar 5, 2026

Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions
Critical | CVE-2026-27446 was published for org.apache.activemq:artemis-server (Maven) | Mar 4, 2026

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables...
High | Unreviewed | CVE-2026-1775 was published | Mar 4, 2026

OpenClaw Loopback CDP probe can leak Gateway token to local listener
Moderate | GHSA-v3j7-34xh-6g3w was published for openclaw (npm) | Mar 3, 2026

OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint
Moderate | GHSA-pfv7-rr5m-qmv6 was published for openclaw (npm) | Mar 3, 2026
ProTip! Advisories are also available from the GraphQL API.