Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3,940 advisories

Loading
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access... Low Unreviewed
CVE-2026-24509 was published Mar 11, 2026
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace... High Unreviewed
CVE-2025-68623 was published Mar 11, 2026
Winter vulnerable to privilege escalation by authenticated backend users Critical
CVE-2026-27591 was published for winter/wn-backend-module (Composer) Mar 12, 2026
skyhex19 Credited to skyhex19
OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream High
CVE-2026-32102 was published for github.com/OliveTin/OliveTin (Go) Mar 12, 2026
kule500 Credited to kule500
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API Moderate
CVE-2026-3429 was published for org.keycloak:keycloak-services (Maven) Mar 11, 2026
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on... Critical Unreviewed
CVE-2026-21667 was published Mar 12, 2026
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on... Critical Unreviewed
CVE-2026-21666 was published Mar 12, 2026
OpenClaw: Discord guild reaction ingress could bypass users and roles allowlists Moderate
GHSA-9vvh-2768-c8vp was published for openclaw (npm) Mar 13, 2026
zpbrent Credited to zpbrent
On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions... High Unreviewed
CVE-2026-0653 was published Feb 10, 2026
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0... Critical Unreviewed
CVE-2025-66956 was published Mar 11, 2026
Improper Access Control in moodle Moderate
CVE-2024-25980 was published for moodle/moodle (Composer) Feb 19, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd Credited to oscerd
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing... Moderate Unreviewed
CVE-2024-26263 was published Feb 15, 2024
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an improper access... High Unreviewed
CVE-2023-39244 was published Feb 15, 2024
Improper Access Control in moodle Moderate
CVE-2024-25981 was published for moodle/moodle (Composer) Feb 19, 2024
An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions... Low Unreviewed
CVE-2023-3509 was published Feb 22, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16... Moderate Unreviewed
CVE-2024-1525 was published Feb 22, 2024
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to... High Unreviewed
CVE-2024-0410 was published Feb 22, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6,... Moderate Unreviewed
CVE-2023-4895 was published Feb 22, 2024
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of... Moderate Unreviewed
CVE-2024-20291 was published Feb 29, 2024
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions... Moderate Unreviewed
CVE-2024-22459 was published Feb 28, 2024
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or... Moderate Unreviewed
CVE-2026-0977 was published Mar 16, 2026
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the... Moderate Unreviewed
CVE-2026-3111 was published Mar 16, 2026
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the... High Unreviewed
CVE-2026-3110 was published Mar 16, 2026
A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path... Moderate Unreviewed
CVE-2026-4191 was published Mar 16, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database