Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

197 advisories

Loading
Improper Authentication and Origin Validation Error in pyload-ng Moderate
CVE-2026-33314 was published for pyload-ng (pip) Mar 19, 2026
Jaynornj Credited to Jaynornj
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding Moderate
CVE-2026-32632 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Mattermost allows attackers to spoof permalink embeds Moderate
CVE-2026-2457 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability... Moderate Unreviewed
CVE-2026-3846 was published Mar 10, 2026
Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation Moderate
CVE-2026-30964 was published for web-auth/webauthn-framework (Composer) Mar 10, 2026
dorakemon Credited to dorakemon
Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass Moderate
CVE-2026-25604 was published for apache-airflow-providers-amazon (pip) Mar 9, 2026
OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains Moderate
CVE-2026-32025 was published for openclaw (npm) Mar 3, 2026
luz-oasis Credited to luz-oasis
Local admin could to leak information from the Genetec Update Service configuration web page. An... Moderate Unreviewed
CVE-2025-1787 was published Feb 24, 2026
Cache poisoning in @sveltejs/adapter-vercel Moderate
CVE-2026-27118 was published for @sveltejs/adapter-vercel (npm) Feb 19, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github
OpenClaw session tool visibility hardening and Telegram webhook secret fallback Moderate
CVE-2026-27004 was published for openclaw (npm) Feb 18, 2026
aether-ai-agent Credited to aether-ai-agent
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS)... Moderate Unreviewed
CVE-2026-1997 was published Feb 10, 2026
React Router has CSRF issue in Action/Server Action Request Processing Moderate
CVE-2026-22030 was published for @remix-run/server-runtime (npm) Jan 8, 2026
Oceandust Credited to Oceandust
Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox <... Moderate Unreviewed
CVE-2025-14331 was published Dec 9, 2025
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3... Moderate Unreviewed
CVE-2025-8074 was published Dec 4, 2025
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin... Moderate Unreviewed
CVE-2025-37734 was published Nov 12, 2025
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80... Moderate Unreviewed
CVE-2025-12905 was published Nov 8, 2025
Liferay Portal fails to verify messages from the cluster network is trusted Moderate
CVE-2025-62250 was published for com.liferay:com.liferay.portal.cluster.multiple (Maven) Oct 21, 2025
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an... Moderate Unreviewed
CVE-2025-2140 was published Oct 12, 2025
A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the... Moderate Unreviewed
CVE-2025-42706 was published Oct 8, 2025
A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability... Moderate Unreviewed
CVE-2025-11304 was published Oct 5, 2025
A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point ... Moderate Unreviewed
CVE-2025-20364 was published Sep 24, 2025
Parcel has an Origin Validation Error vulnerability Moderate
CVE-2025-56648 was published for @parcel/reporter-dev-server (npm) Sep 17, 2025
R4356th Credited to R4356th and G-Rath G-Rath G-Rath
elysia-cors Origin Validation Error Moderate
CVE-2025-50864 was published for @elysiajs/cors (npm) Aug 20, 2025
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.  The BigFix SaaS's HTTP... Moderate Unreviewed
CVE-2025-52621 was published Aug 16, 2025
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic... Moderate Unreviewed
CVE-2025-53399 was published Aug 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database