Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,944 advisories

Loading
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters High
CVE-2026-33981 was published for changedetection.io (pip) Mar 27, 2026
sajdakabir Credited to sajdakabir and zerotrail-ai zerotrail-ai zerotrail-ai
In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and... High Unreviewed
CVE-2025-15381 was published Mar 27, 2026
Parse Server exposes auth data via /users/me endpoint High
CVE-2026-33627 was published for parse-server (npm) Mar 24, 2026
mtrezza Credited to mtrezza
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149... High Unreviewed
CVE-2026-4712 was published Mar 24, 2026
Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an... High Unreviewed
CVE-2026-23659 was published Mar 19, 2026
In Soft Serve, an authenticated repo import can clone server-local private repositories High
CVE-2026-33353 was published for github.com/charmbracelet/soft-serve (Go) Mar 19, 2026
evnsh Credited to evnsh
Parse Server leaks protected fields via LiveQuery afterEvent trigger High
CVE-2026-33163 was published for parse-server (npm) Mar 18, 2026
mtrezza Credited to mtrezza
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials High
CVE-2026-32609 was published for Glances (pip) Mar 16, 2026
offset Credited to offset
Glances exposes the REST API without authentication High
CVE-2026-32596 was published for Glances (pip) Mar 16, 2026
DhiyaneshGeek Credited to DhiyaneshGeek
Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values High
CVE-2026-2476 was published for github.com/mattermost/mattermost-plugin-msteams (Go) Mar 16, 2026
Unauthorized access to Argo Workflows Template High
CVE-2026-28229 was published for github.com/argoproj/argo-workflows/v3 (Go) Mar 11, 2026
Masamuneee Credited to Masamuneee
OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage High
GHSA-rchv-x836-w7xp was published for openclaw (npm) Mar 9, 2026
whiter6666 Credited to whiter6666
Glances Exposes Unauthenticated Configuration Secrets High
CVE-2026-30928 was published for glances (pip) Mar 9, 2026
theamanrawat Credited to theamanrawat and neo-ai-engineer neo-ai-engineer neo-ai-engineer
FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info High
CVE-2026-30933 was published for github.com/gtsteffaniak/filebrowser/backend (Go) Mar 9, 2026
mdcoxe Credited to mdcoxe
Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure High
CVE-2026-30244 was published for plane (pip) Mar 5, 2026
Sanu1999 Credited to Sanu1999
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API... High Unreviewed
CVE-2026-2025 was published Mar 4, 2026
OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs High
GHSA-9f72-qcpw-2hxc was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset High
CVE-2026-27522 was published for openclaw (npm) Mar 2, 2026
GCXWLP Credited to GCXWLP
In hasImage of Notification.java, there is a possible way to reveal information across users due... High Unreviewed
CVE-2026-0025 was published Mar 2, 2026
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token... High Unreviewed
CVE-2025-48635 was published Mar 2, 2026
FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory High
CVE-2026-28492 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 2, 2026
uug4na Credited to uug4na and hacdias hacdias hacdias
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users High
CVE-2026-27465 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an... High Unreviewed
CVE-2026-2244 was published Feb 26, 2026
FileBrowser Quantum: Password Protection Not Enforced on Shared File Links High
CVE-2026-27611 was published for github.com/gtsteffaniak/filebrowser/backend (Go) Feb 25, 2026
ByteAfterlife Credited to ByteAfterlife
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This... High Unreviewed
CVE-2026-2783 was published Feb 24, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database