Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3,942 advisories

Loading
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns Moderate
GHSA-p7gr-f84w-hqg5 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login High
CVE-2026-28790 was published for github.com/OliveTin/OliveTin (Go) Mar 2, 2026
kule500 Credited to kule500
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due... Moderate Unreviewed
CVE-2026-0012 was published Mar 2, 2026
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only... High Unreviewed
CVE-2025-48619 was published Mar 2, 2026
Gradio has an Open Redirect in its OAuth Flow Moderate
CVE-2026-28415 was published for gradio (pip) Mar 1, 2026
logicx24 Credited to logicx24
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints High
CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) Feb 27, 2026
Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes Moderate
CVE-2026-0871 was published for org.keycloak:keycloak-server-spi-private (Maven) Feb 27, 2026
Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations Moderate
CVE-2026-22728 was published for github.com/bitnami-labs/sealed-secrets (Go) Feb 26, 2026
1seal Credited to 1seal
n8n has an SSO Enforcement Bypass in its Self-Service Settings API Moderate
GHSA-vjf3-2gpj-233v was published for n8n (npm) Feb 26, 2026
stanislavfortaisle Credited to stanislavfortaisle
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile... Moderate Unreviewed
CVE-2026-2356 was published Feb 26, 2026
A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this... Moderate Unreviewed
CVE-2026-3187 was published Feb 25, 2026
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote... High Unreviewed
CVE-2025-63409 was published Feb 24, 2026
ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access Moderate
CVE-2026-25966 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148 and... Critical Unreviewed
CVE-2026-2768 was published Feb 24, 2026
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by... Moderate Unreviewed
CVE-2026-3025 was published Feb 23, 2026
A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function... Moderate Unreviewed
CVE-2026-2979 was published Feb 23, 2026
A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function... Moderate Unreviewed
CVE-2026-2977 was published Feb 23, 2026
A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function... Moderate Unreviewed
CVE-2026-2978 was published Feb 23, 2026
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests... Critical Unreviewed
CVE-2026-21627 was published Feb 20, 2026
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose... High Unreviewed
CVE-2026-21535 was published Feb 20, 2026
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization... Moderate Unreviewed
CVE-2025-12884 was published Feb 19, 2026
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802... Moderate Unreviewed
CVE-2026-2684 was published Feb 19, 2026
A vulnerability was detected in huanzi-qch base-admin up to... Moderate Unreviewed
CVE-2026-2665 was published Feb 18, 2026
mingSoft MCMS does not properly restrict file uploads Low
CVE-2026-2666 was published for net.mingsoft:ms-mcms (Maven) Feb 18, 2026
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low... High Unreviewed
CVE-2025-70064 was published Feb 18, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database