GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
895 advisories
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains...
High | Unreviewed | CVE-2017-20238 was published Apr 4, 2026

Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Critical | CVE-2026-33950 was published for signalk-server (npm) Apr 3, 2026

OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`
High | GHSA-v3qc-wrwx-j3pw was published for openclaw (npm) Apr 3, 2026

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2026-33105 was published Apr 3, 2026

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges...
Critical | Unreviewed | CVE-2026-32213 was published Apr 3, 2026

A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function...
Moderate | Unreviewed | CVE-2026-5246 was published Apr 2, 2026

A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an...
Moderate | Unreviewed | CVE-2026-5326 was published Apr 2, 2026

Parser Server's streaming file download bypasses afterFind file trigger authorization
High | CVE-2026-34784 was published for parse-server (npm) Apr 1, 2026

AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Moderate | CVE-2026-34738 was published for wwbn/avideo (Composer) Apr 1, 2026

Open WebUI has Broken Access Control in Tool Valves
High | CVE-2026-34222 was published for open-webui (pip) Apr 1, 2026

Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote...
Moderate | Unreviewed | CVE-2026-5283 was published Apr 1, 2026

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking
High | CVE-2026-32716 was published for scitokens (pip) Mar 31, 2026

baserCMS has Mail Form Acceptance Bypass via Public API
Moderate | CVE-2026-30878 was published for baserproject/basercms (Composer) Mar 31, 2026

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users...
Moderate | Unreviewed | CVE-2026-4818 was published Mar 31, 2026

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2026-1710 was published Mar 31, 2026

OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy
Moderate | GHSA-39mp-545q-w789 was published for openclaw (npm) Mar 30, 2026

OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
Moderate | GHSA-j4c9-w69r-cw33 was published for openclaw (npm) Mar 29, 2026

Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)
High | GHSA-46wh-3698-f2cx was published for github.com/traefik/traefik/v2 (Go) Mar 29, 2026

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High | Unreviewed | CVE-2026-4248 was published Mar 28, 2026

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer...
Low | Unreviewed | CVE-2026-4958 was published Mar 27, 2026

OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision
Moderate | GHSA-rqp8-q22p-5j9q was published for openclaw (npm) Mar 26, 2026

OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Moderate | GHSA-x2cm-hg9c-mf5w was published for openclaw (npm) Mar 26, 2026

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the...
Moderate | Unreviewed | CVE-2026-21724 was published Mar 26, 2026

OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Low | GHSA-pw7h-9g6p-c378 was published for openclaw (npm) Mar 26, 2026

OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions
Moderate | GHSA-8883-9w57-vwv6 was published for openclaw (npm) Mar 26, 2026

ProTip! Advisories are also available from the GraphQL API.