GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 42
Go: 3,123
Maven: 5,000+
npm: 5,000+
NuGet: 826
pip: 4,431
Pub: 12
RubyGems: 988
Rust: 1,171
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
151,732 advisories
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown...
Moderate | Unreviewed | CVE-2025-15603 was published Mar 9, 2026

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0...
Moderate | Unreviewed | CVE-2026-3638 was published Mar 9, 2026

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions
Moderate | GHSA-9q36-67vc-rrwg was published for openclaw (npm) Mar 9, 2026

OpenClaw: system.run allow-always persistence included shell-commented payload tails
Moderate | GHSA-9q2p-vc84-2rwm was published for openclaw (npm) Mar 9, 2026

OpenClaw: `operator.write` chat.send could reach admin-only config writes
Moderate | GHSA-hfpr-jhpq-x4rm was published for openclaw (npm) Mar 9, 2026

OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
Moderate | GHSA-r6qf-8968-wj9q was published for openclaw (npm) Mar 9, 2026

OpenClaw: Cross-account sender authorization expansion in `/allowlist ... --store` account scoping
Moderate | GHSA-pjvx-rx66-r3fg was published for openclaw (npm) Mar 9, 2026

OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
Moderate | GHSA-3h2q-j2v4-6w5r was published for openclaw (npm) Mar 9, 2026

OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots
Moderate | GHSA-j425-whc4-4jgc was published for openclaw (npm) Mar 9, 2026

OpenClaw's hooks count non-POST requests toward auth lockout
Moderate | GHSA-6rmx-gvvg-vh6j was published for openclaw (npm) Mar 9, 2026

Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Moderate | CVE-2026-30927 was published for admidio/admidio (Composer) Mar 9, 2026

Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router...
Moderate | Unreviewed | CVE-2026-29023 was published Mar 9, 2026

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered...
Moderate | Unreviewed | CVE-2025-70040 was published Mar 9, 2026

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was...
Moderate | Unreviewed | CVE-2025-70060 was published Mar 9, 2026

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was...
Moderate | Unreviewed | CVE-2025-70033 was published Mar 9, 2026

Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Moderate | CVE-2026-30854 was published for parse-server (npm) Mar 9, 2026

Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization
Moderate | CVE-2026-30850 was published for parse-server (npm) Mar 9, 2026

Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Moderate | CVE-2026-30848 was published for parse-server (npm) Mar 9, 2026

Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding
Moderate | CVE-2026-29773 was published for github.com/kubewarden/kubewarden-controller (Go) Mar 9, 2026

Netmaker has Privilege Escalation from Admin to Super-Admin via User Update
Moderate | CVE-2026-29195 was published for github.com/gravitl/netmaker (Go) Mar 9, 2026

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus...
Moderate | Unreviewed | CVE-2026-2919 was published Mar 9, 2026

A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected...
Moderate | Unreviewed | CVE-2026-3819 was published Mar 9, 2026

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain...
Moderate | Unreviewed | CVE-2026-21736 was published Mar 9, 2026

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the...
Moderate | Unreviewed | CVE-2026-3818 was published Mar 9, 2026

ProTip! Advisories are also available from the GraphQL API.