GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
74 advisories
OpenClaw: Agent gateway config mutations could change protected operator settings
Moderate | GHSA-7jm2-g593-4qrc was published for openclaw (npm) Apr 25, 2026

Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record
Moderate | CVE-2026-38743 was published for apache-airflow (pip) Apr 24, 2026

Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions
Moderate | CVE-2026-40690 was published for apache-airflow (pip) Apr 24, 2026

A vulnerability in the web application allows standard users to escalate their privileges to...
Critical | Unreviewed | CVE-2026-6356 was published Apr 22, 2026

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
Critical | GHSA-47wq-cj9q-wpmp was published for @paperclipai/server (npm) Apr 16, 2026

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions...
Critical | Unreviewed | CVE-2026-6388 was published Apr 16, 2026

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to...
High | Unreviewed | CVE-2026-33825 was published Apr 14, 2026

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock...
Moderate | Unreviewed | CVE-2025-20628 was published Apr 8, 2026

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure...
Moderate | Unreviewed | CVE-2026-20107 was published Feb 25, 2026

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to...
Moderate | Unreviewed | CVE-2025-48514 was published Feb 10, 2026

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a...
Moderate | Unreviewed | CVE-2025-48517 was published Feb 10, 2026

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability...
High | Unreviewed | CVE-2024-4147 was published Feb 2, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18...
Moderate | Unreviewed | CVE-2025-11246 was published Jan 9, 2026

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical...
Moderate | Unreviewed | CVE-2025-8306 was published Jan 8, 2026

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated,...
Moderate | Unreviewed | CVE-2025-20305 was published Nov 5, 2025

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting...
Low | Unreviewed | CVE-2025-8053 was published Oct 20, 2025

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting...
Low | Unreviewed | CVE-2025-8049 was published Oct 20, 2025

ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of...
Moderate | Unreviewed | CVE-2025-54461 was published Oct 16, 2025

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This...
Critical | Unreviewed | CVE-2025-7493 was published Sep 30, 2025

Improper input validation in the system management mode (SMM) could allow a privileged attacker...
High | Unreviewed | CVE-2024-21947 was published Sep 6, 2025

HCL Connections contains a broken access control vulnerability that may allow unauthorized user...
Low | Unreviewed | CVE-2025-31961 was published Aug 15, 2025

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1...
Low | Unreviewed | CVE-2025-2498 was published Aug 13, 2025

Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable...
High | Unreviewed | CVE-2025-22839 was published Aug 12, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1...
Moderate | Unreviewed | CVE-2025-7001 was published Jul 25, 2025

A vulnerability has been identified in the Now Platform that could result in data being inferred...
High | Unreviewed | CVE-2025-3648 was published Jul 8, 2025

ProTip! Advisories are also available from the GraphQL API.