GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
31 advisories
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write...
Moderate • Unreviewed • CVE-2026-43002 was published May 5, 2026

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the...
Moderate • Unreviewed • CVE-2026-41254 was published Apr 18, 2026

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes...
Moderate • Unreviewed • CVE-2026-40223 was published Apr 10, 2026

Duplicate Advisory: OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation
Moderate • GHSA-8f9r-gr6r-x63q was published for openclaw (npm) Apr 10, 2026 • withdrawn

Duplicate Advisory: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement
Moderate • GHSA-2j53-2c28-g9v2 was published for openclaw (npm) Apr 10, 2026 • withdrawn

Duplicate Advisory: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete
Moderate • GHSA-p6j4-wvmc-vx2h was published for openclaw (npm) Apr 10, 2026 • withdrawn

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability...
High • Unreviewed • CVE-2026-35636 was published Apr 10, 2026

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within...
Low • Unreviewed • CVE-2026-35386 was published Apr 2, 2026

OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions
Moderate • CVE-2026-35652 was published for openclaw (npm) Mar 26, 2026

Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver /...
Moderate • Unreviewed • CVE-2025-9904 was published Sep 29, 2025

The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M...
Moderate • Unreviewed • CVE-2025-55114 was published Sep 16, 2025

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can...
Moderate • Unreviewed • CVE-2025-48965 was published Jul 20, 2025

In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass...
Moderate • Unreviewed • CVE-2021-47688 was published Jun 23, 2025

Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated...
Moderate • Unreviewed • CVE-2025-20012 was published May 13, 2025

GraphQL grant on a property might be cached with different objects
High • CVE-2025-31485 was published for api-platform/core (Composer) Apr 4, 2025

Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an...
High • Unreviewed • CVE-2025-0150 was published Mar 11, 2025

MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11...
Moderate • Unreviewed • CVE-2023-52968 was published Mar 9, 2025

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user...
Moderate • Unreviewed • CVE-2024-45157 was published Sep 5, 2024

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM)...
High • Unreviewed • CVE-2024-24853 was published Aug 14, 2024

An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper...
Moderate • Unreviewed • CVE-2024-30389 was published Apr 12, 2024

An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300...
Moderate • Unreviewed • CVE-2024-30410 was published Apr 12, 2024

Potential DoS via the Tudoor mechanism in eventlet and dnspython
Moderate • CVE-2023-29483 was published for dnspython (pip) Apr 11, 2024

ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks
Critical • GHSA-j496-crgh-34mx was published for github.com/cosmos/ibc-go (Go) Apr 5, 2024

Incorrect behavior order in the Command Centre Server could allow privileged users to gain...
Moderate • Unreviewed • CVE-2023-23576 was published Dec 19, 2023

Authorization bypass in Quarkus
High • CVE-2023-6394 was published for io.quarkus:quarkus-smallrye-graphql-client (Maven) Dec 9, 2023