GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
4,013 advisories
A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an...
Moderate | Unreviewed | CVE-2026-5573 was published Apr 5, 2026
A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts...
Moderate | Unreviewed | CVE-2026-5546 was published Apr 5, 2026
Directus: Path Traversal and Broken Access Control in File Management API
High | GHSA-393c-p46r-7c95 was published for directus (npm) Apr 4, 2026
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow...
Critical | Unreviewed | CVE-2026-35616 was published Apr 4, 2026
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6...
Critical | Unreviewed | CVE-2021-4477 was published Apr 4, 2026
Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contain a firewall filtering...
Moderate | Unreviewed | CVE-2017-20233 was published Apr 4, 2026
Signal K Server: Unauthenticated Source Priorities Manipulation
Moderate | CVE-2026-33951 was published for signalk-server (npm) Apr 3, 2026
A flaw has been found in ProjectsAndPrograms School Management System up to...
Moderate | Unreviewed | CVE-2026-5472 was published Apr 3, 2026
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A...
High | Unreviewed | CVE-2024-44303 was published Apr 2, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
High | Unreviewed | CVE-2024-44219 was published Apr 2, 2026
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
High | Unreviewed | CVE-2024-40858 was published Apr 2, 2026
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2026-2699 was published Apr 2, 2026
CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
High | CVE-2026-34572 was published for ci4-cms-erp/ci4ms (Composer) Apr 1, 2026
CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
High | CVE-2026-34570 was published for ci4-cms-erp/ci4ms (Composer) Apr 1, 2026
AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
Moderate | CVE-2026-34733 was published for wwbn/avideo (Composer) Apr 1, 2026
An improper access check allows unauthorized access to webservice endpoints.
High | Unreviewed | CVE-2026-23899 was published Apr 1, 2026
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an...
Moderate | Unreviewed | CVE-2026-1879 was published Apr 1, 2026
The ajax component was excluded from the default logged-in-user check in the administrative area....
Moderate | Unreviewed | CVE-2026-21629 was published Apr 1, 2026
A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted...
Moderate | Unreviewed | CVE-2026-5261 was published Apr 1, 2026
Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing...
High | Unreviewed | CVE-2026-4947 was published Apr 1, 2026
OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`
High | GHSA-5r8f-96gm-5j6g was published for openclaw (npm) Apr 1, 2026
OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
High | GHSA-5h2w-qmfp-ggp6 was published for openclaw (npm) Mar 31, 2026
Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess
High | CVE-2026-34381 was published for admidio/admidio (Composer) Mar 31, 2026
A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0....
Moderate | Unreviewed | CVE-2026-5181 was published Mar 31, 2026
A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server...
Moderate | Unreviewed | CVE-2026-21711 was published Mar 30, 2026
ProTip! Advisories are also available from the GraphQL API.