Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,080
Maven
5,000+
npm
4,980
NuGet
825
pip
4,417
Pub
12
RubyGems
988
Rust
1,162
Swift
50
Unreviewed advisories
All unreviewed
5,000+

13,417 advisories

Loading
In affected versions of Octopus Server it was possible to create a new API key from an existing... Low Unreviewed
CVE-2026-3236 was published Mar 5, 2026
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is... Low Unreviewed
CVE-2026-21786 was published Mar 5, 2026
Permission control vulnerability in the resource scheduling module. Impact: Successful... Low Unreviewed
CVE-2025-66319 was published Mar 5, 2026
dbt-common's commonprefix() doesn't protect against path traversal Low
GHSA-w75w-9qv4-j5xj was published for dbt-common (pip) Mar 5, 2026
sethmlarson Credited to sethmlarson and emmyoop emmyoop emmyoop
Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers Low
CVE-2026-29781 was published for github.com/bishopfox/sliver (Go) Mar 5, 2026
skoveit Credited to skoveit
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass Low
CVE-2026-29184 was published for @backstage/plugin-scaffolder-backend (npm) Mar 5, 2026
Backstage vulnerable to potential reading of SCM URLs using built in token Low
CVE-2026-29185 was published for @backstage/integration (npm) Mar 5, 2026
OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access Low
GHSA-vjp8-wprm-2jw9 was published for openclaw (npm) Mar 4, 2026
tdjackey Credited to tdjackey
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for... Low Unreviewed
CVE-2026-22760 was published Mar 4, 2026
Dark Reader gives users the ability to request style sheets from local web servers Low
CVE-2025-68467 was published for darkreader (npm) Mar 4, 2026
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to... Low Unreviewed
CVE-2025-40895 was published Mar 4, 2026
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality... Low Unreviewed
CVE-2025-40894 was published Mar 4, 2026
Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 through 9.12.0.1,... Low Unreviewed
CVE-2026-21422 was published Mar 4, 2026
Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF) Low
CVE-2026-2994 was published for concrete5/concrete5 (Composer) Mar 4, 2026
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode Low
GHSA-8mf7-vv8w-hjr2 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback Low
GHSA-v6x2-2qvm-6gv8 was published for openclaw (npm) Mar 3, 2026
OpenClaw's voice-call Twilio replay dedupe now bound to authenticated webhook identity Low
GHSA-gcj7-r3hg-m7w6 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model Low
GHSA-7qf6-h84j-8fq4 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw's runtime /debug override path accepted prototype-reserved keys Low
GHSA-62f6-mrcj-v8h5 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions Low
GHSA-vvgp-4c28-m3jm was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy... Low Unreviewed
CVE-2026-26887 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy... Low Unreviewed
CVE-2026-26888 was published Mar 3, 2026
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy... Low Unreviewed
CVE-2026-26889 was published Mar 3, 2026
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in ... Low Unreviewed
CVE-2026-26891 was published Mar 3, 2026
Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options Low
GHSA-4mgv-366x-qxvx was published for craftcms/cms (Composer) Mar 3, 2026
mHe4am Credited to mHe4am
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database