Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

1,273 advisories

Loading
OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch... High Unreviewed
CVE-2026-53834 was published Jun 13, 2026
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command... High Unreviewed
CVE-2026-53828 was published Jun 13, 2026
File Browser has incorrect access control for public directory shares via rule path rebasing High
CVE-2026-54091 was published for github.com/filebrowser/filebrowser (Go) Jun 12, 2026
hacdias Credited to hacdias
An incorrect authorization vulnerability in MISP allows an organization administrator to target... High Unreviewed
CVE-2026-54358 was published Jun 12, 2026
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16... High Unreviewed
CVE-2026-7387 was published Jun 12, 2026
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the... High Unreviewed
CVE-2026-45831 was published Jun 12, 2026
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL High
CVE-2026-48152 was published for @budibase/server (npm) Jun 12, 2026
Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection High
CVE-2026-48113 was published for github.com/jpillora/chisel (Go) Jun 12, 2026
mzfr Credited to mzfr
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive... High Unreviewed
CVE-2026-53807 was published Jun 11, 2026
DevGuard has improper authorization on public assets High
CVE-2026-48089 was published for github.com/l3montree-dev/devguard (Go) Jun 11, 2026
philipflohr Credited to philipflohr
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation... High Unreviewed
CVE-2026-53738 was published Jun 11, 2026
An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote... High Unreviewed
CVE-2026-24724 was published Jun 10, 2026
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization... High Unreviewed
CVE-2026-47929 was published Jun 9, 2026
A flaw was found in Keycloak. A limited administrator can exploit an improper access control... High Unreviewed
CVE-2026-11577 was published Jun 8, 2026
A logic error in the MISP CRUD component delete handler allowed validation failures to be... High Unreviewed
CVE-2026-10860 was published Jun 4, 2026
Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending High
CVE-2026-45337 was published for better-auth (npm) Jun 4, 2026
whrit Credited to whrit
Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. High Unreviewed
CVE-2025-14774 was published Jun 3, 2026
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the... High Unreviewed
CVE-2026-3514 was published Jun 2, 2026
In multiple locations, there is a possible background activity launch due to a missing permission... High Unreviewed
CVE-2025-32348 was published Jun 2, 2026
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders High
CVE-2026-47231 was published for admidio/admidio (Composer) May 29, 2026
offset Credited to offset and 0xEr3n 0xEr3n 0xEr3n
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route... High Unreviewed
CVE-2026-35674 was published May 29, 2026
Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement High
CVE-2026-41235 was published for froxlor/froxlor (Composer) May 29, 2026
larlarua Credited to larlarua
GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands High
CVE-2026-48501 was published for github.com/cli/cli/v2 (Go) May 29, 2026
BagToad Credited to BagToad, kommendorkapten, babakks, and nophlyzone kommendorkapten kommendorkapten
babakks babakks nophlyzone nophlyzone
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business... High Unreviewed
CVE-2026-46823 was published May 28, 2026
OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL High
CVE-2026-45808 was published for github.com/openbao/openbao (Go) May 28, 2026
fg0x0 Credited to fg0x0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database