GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
80 advisories
A flaw was found in org.keycloak.services. An administrator with delegated access to read group...
Low | Unreviewed | CVE-2026-9088 was published Jun 5, 2026

Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker...
High | Unreviewed | CVE-2021-46747 was published Jun 1, 2026

A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user...
Moderate | Unreviewed | CVE-2026-37981 was published May 19, 2026

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary...
High | Unreviewed | CVE-2024-21962 was published May 15, 2026

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized...
High | Unreviewed | CVE-2026-35436 was published May 12, 2026

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized...
High | Unreviewed | CVE-2026-40365 was published May 12, 2026

OpenClaw: Agent gateway config mutations could change protected operator settings
Moderate | GHSA-7jm2-g593-4qrc was published for openclaw (npm) Apr 25, 2026

Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record
Moderate | CVE-2026-38743 was published for apache-airflow (pip) Apr 24, 2026

Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions
Moderate | CVE-2026-40690 was published for apache-airflow (pip) Apr 24, 2026

A vulnerability in the web application allows standard users to escalate their privileges to...
Critical | Unreviewed | CVE-2026-6356 was published Apr 22, 2026

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
Critical | GHSA-47wq-cj9q-wpmp was published for @paperclipai/server (npm) Apr 16, 2026

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions...
Critical | Unreviewed | CVE-2026-6388 was published Apr 16, 2026

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to...
High | Unreviewed | CVE-2026-33825 was published Apr 14, 2026

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock...
Moderate | Unreviewed | CVE-2025-20628 was published Apr 8, 2026

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure...
Moderate | Unreviewed | CVE-2026-20107 was published Feb 25, 2026

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to...
Moderate | Unreviewed | CVE-2025-48514 was published Feb 10, 2026

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a...
Moderate | Unreviewed | CVE-2025-48517 was published Feb 10, 2026

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability...
High | Unreviewed | CVE-2024-4147 was published Feb 2, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18...
Moderate | Unreviewed | CVE-2025-11246 was published Jan 9, 2026

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical...
Moderate | Unreviewed | CVE-2025-8306 was published Jan 8, 2026

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated,...
Moderate | Unreviewed | CVE-2025-20305 was published Nov 5, 2025

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting...
Low | Unreviewed | CVE-2025-8049 was published Oct 20, 2025

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting...
Low | Unreviewed | CVE-2025-8053 was published Oct 20, 2025

ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of...
Moderate | Unreviewed | CVE-2025-54461 was published Oct 16, 2025

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This...
Critical | Unreviewed | CVE-2025-7493 was published Sep 30, 2025