GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
549 advisories
OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming...
High | Unreviewed | CVE-2026-53833 was published Jun 13, 2026

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local...
High | Unreviewed | CVE-2026-53832 was published Jun 13, 2026

OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature...
High | Unreviewed | CVE-2026-53823 was published Jun 13, 2026

Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media...
Moderate | Unreviewed | CVE-2026-5792 was published Jun 12, 2026

Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Critical | CVE-2026-48063 was published for @whiskeysockets/baileys (npm) Jun 10, 2026

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could...
High | Unreviewed | CVE-2026-6090 was published Jun 10, 2026

Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
High | CVE-2026-47737 was published for puma (RubyGems) Jun 9, 2026

NocoDB: Cross-Workspace Integration Use in Connection Test
Moderate | CVE-2026-47381 was published for nocodb (npm) Jun 5, 2026

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2026-48567 was published Jun 5, 2026

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53...
Moderate | Unreviewed | CVE-2026-11019 was published Jun 5, 2026

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote...
Moderate | Unreviewed | CVE-2026-11001 was published Jun 5, 2026

Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment
Moderate | CVE-2026-48016 was published for shopware/core (Composer) Jun 4, 2026

Matrix Rust SDK: Sender-binding gaps in to-device and room-key attribution
Moderate | CVE-2026-45056 was published for matrix-sdk-crypto (Rust) Jun 4, 2026

Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret
Moderate | CVE-2026-44476 was published for doorkeeper-openid_connect (RubyGems) Jun 4, 2026

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
Critical | Unreviewed | CVE-2026-8644 was published Jun 1, 2026

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL...
High | Unreviewed | CVE-2026-42674 was published Jun 1, 2026

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
Moderate | CVE-2026-45074 was published for symfony/security-http (Composer) May 27, 2026

Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
High | CVE-2026-45063 was published for symfony/security-http (Composer) May 27, 2026

An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an...
High | Unreviewed | CVE-2026-8676 was published May 26, 2026

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local...
High | Unreviewed | CVE-2018-25361 was published May 26, 2026

Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151.
High | Unreviewed | CVE-2026-8963 was published May 19, 2026

Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.
High | Unreviewed | CVE-2026-8960 was published May 19, 2026

Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151 and...
Moderate | Unreviewed | CVE-2026-8961 was published May 19, 2026

Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in...
Moderate | Unreviewed | CVE-2026-8951 was published May 19, 2026

Keycloak: Session fixation in OIDC login flow that can lead to account takeover
High | CVE-2026-7507 was published for org.keycloak:keycloak-services (Maven) May 19, 2026