Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,185
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,476
Pub
12
RubyGems
992
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

378 advisories

Loading
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers High
CVE-2026-32634 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding Moderate
CVE-2026-32632 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to sanitize... Moderate Unreviewed
CVE-2026-2457 was published Mar 16, 2026
OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode High
CVE-2026-32302 was published for openclaw (npm) Mar 12, 2026
yianworks Credited to yianworks
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability... Moderate Unreviewed
CVE-2026-3846 was published Mar 10, 2026
Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation Moderate
CVE-2026-30964 was published for web-auth/webauthn-framework (Composer) Mar 10, 2026
dorakemon Credited to dorakemon
Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass Moderate
CVE-2026-25604 was published for apache-airflow-providers-amazon (pip) Mar 9, 2026
Dark Reader gives users the ability to request style sheets from local web servers Low
CVE-2025-68467 was published for darkreader (npm) Mar 4, 2026
OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains Moderate
GHSA-jmmg-jqc7-5qf4 was published for openclaw (npm) Mar 3, 2026
luz-oasis Credited to luz-oasis
CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function High
CVE-2026-26861 was published for clevertap-web-sdk (npm) Feb 27, 2026
Local admin could to leak information from the Genetec Update Service configuration web page. An... Moderate Unreviewed
CVE-2025-1787 was published Feb 24, 2026
Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox <... Critical Unreviewed
CVE-2026-2790 was published Feb 24, 2026
Apache Camel: KeycloakSecurityPolicy does not validate issuer of JWT tokens against configured realm Critical
CVE-2026-23552 was published for org.apache.camel:camel-keycloak (Maven) Feb 23, 2026
Feathers has an origin validation bypass via prefix matching High
CVE-2026-27192 was published for @feathersjs/authentication-oauth (npm) Feb 19, 2026
vvxhid Credited to vvxhid and b0-n0-b0 b0-n0-b0 b0-n0-b0
Cache poisoning in @sveltejs/adapter-vercel Moderate
CVE-2026-27118 was published for @sveltejs/adapter-vercel (npm) Feb 19, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github
OpenClaw session tool visibility hardening and Telegram webhook secret fallback Moderate
CVE-2026-27004 was published for openclaw (npm) Feb 18, 2026
aether-ai-agent Credited to aether-ai-agent
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension... Low Unreviewed
CVE-2026-2345 was published Feb 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18... High Unreviewed
CVE-2025-7659 was published Feb 11, 2026
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS)... Moderate Unreviewed
CVE-2026-1997 was published Feb 10, 2026
An unauthenticated remote attacker is able to use an existing session id of a logged in user and... High Unreviewed
CVE-2022-50975 was published Feb 2, 2026
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows... High Unreviewed
CVE-2022-50925 was published Jan 14, 2026
MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation High
CVE-2025-14279 was published for mlflow (pip) Jan 12, 2026
React Router has CSRF issue in Action/Server Action Request Processing Moderate
CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026
Oceandust Credited to Oceandust
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it... Critical Unreviewed
CVE-2025-67825 was published Jan 8, 2026
Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2... High Unreviewed
CVE-2026-20893 was published Jan 7, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database