GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
416 advisories
OpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler contains a passwordless fallback...
Moderate | Unreviewed | CVE-2026-32896 was published Mar 21, 2026

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass...
Moderate | Unreviewed | CVE-2025-71257 was published Mar 19, 2026

AVideo has Unauthenticated PGP Message Decryption via Public Endpoint
Moderate | GHSA-5x2w-37xf-7962 was published for wwbn/avideo (Composer) Mar 19, 2026

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows...
Moderate | Unreviewed | CVE-2026-2491 was published Mar 16, 2026

The authentication mechanism for a specific feature in the EasyShare module contains a...
Moderate | Unreviewed | CVE-2025-15515 was published Mar 13, 2026

Parse Server's GraphQL WebSocket endpoint bypasses security middleware
Moderate | CVE-2026-32594 was published for parse-server (npm) Mar 13, 2026

ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation
Moderate | GHSA-4cm8-xpfv-jv6f was published for zeptoclaw (Rust) Mar 12, 2026

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-1920 was published Mar 10, 2026

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-1919 was published Mar 10, 2026

AVideo has Unauthenticated IDOR - Playlist Information Disclosure
Moderate | CVE-2026-30885 was published for wwbn/avideo (Composer) Mar 7, 2026

OpenClaw Loopback CDP probe can leak Gateway token to local listener
Moderate | CVE-2026-22174 was published for openclaw (npm) Mar 3, 2026

OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint
Moderate | GHSA-pfv7-rr5m-qmv6 was published for openclaw (npm) Mar 3, 2026

OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)
Moderate | GHSA-5mx2-2mgw-x8rm was published for openclaw/openclaw (npm) Mar 3, 2026

OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure
Moderate | CVE-2026-32041 was published for openclaw (npm) Mar 2, 2026

Indico has a missing access check in the event series management API
Moderate | CVE-2026-28352 was published for indico (pip) Mar 1, 2026

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
Moderate | Unreviewed | CVE-2025-15567 was published Feb 27, 2026

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
Moderate | CVE-2026-24004 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the...
Moderate | Unreviewed | CVE-2026-3192 was published Feb 25, 2026

Due to missing authentication, a user with physical access to the device can misuse the mesh...
Moderate | Unreviewed | CVE-2026-27846 was published Feb 25, 2026

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function...
Moderate | Unreviewed | CVE-2026-3053 was published Feb 24, 2026

Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Moderate | CVE-2026-27482 was published for ray (pip) Feb 20, 2026

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of...
Moderate | Unreviewed | CVE-2025-14294 was published Feb 19, 2026

OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled
Moderate | CVE-2026-29606 was published for openclaw (npm) Feb 18, 2026

OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering
Moderate | CVE-2026-28450 was published for openclaw (npm) Feb 17, 2026

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software...
Moderate | Unreviewed | CVE-2025-7706 was published Feb 17, 2026

ProTip! Advisories are also available from the GraphQL API