GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
164,150 advisories
Filter by severity
The ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form plugin for...
Moderate
Unreviewed
CVE-2026-15759
was published
Jul 17, 2026
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which...
Moderate
Unreviewed
CVE-2026-21770
was published
Jul 17, 2026
Improper Access Control vulnerability in the Removable Media Validation function of TXOne...
Moderate
Unreviewed
CVE-2026-41993
was published
Jul 17, 2026
Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2...
Moderate
Unreviewed
CVE-2026-60060
was published
Jul 17, 2026
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2026-15159
was published
Jul 17, 2026
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Directory Traversal in all...
Moderate
Unreviewed
CVE-2026-15160
was published
Jul 17, 2026
The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate
Unreviewed
CVE-2026-15161
was published
Jul 17, 2026
The WooCommerce Placetopay Gateway and PlacetoPay/AvalPay gateway plugins for WordPress are...
Moderate
Unreviewed
CVE-2026-11324
was published
Jul 17, 2026
The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate
Unreviewed
CVE-2026-14503
was published
Jul 17, 2026
The Fense Proxy & VPN Blocker plugin for WordPress is vulnerable to unauthorized modification of...
Moderate
Unreviewed
CVE-2026-8616
was published
Jul 17, 2026
Grav before 2.0.4 contains a regular expression denial of service (ReDoS) vulnerability in the...
Moderate
Unreviewed
CVE-2026-62237
was published
Jul 17, 2026
OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks...
Moderate
Unreviewed
CVE-2026-62219
was published
Jul 17, 2026
OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass...
Moderate
Unreviewed
CVE-2026-62220
was published
Jul 17, 2026
OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser...
Moderate
Unreviewed
CVE-2026-62226
was published
Jul 17, 2026
OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in...
Moderate
Unreviewed
CVE-2026-62227
was published
Jul 17, 2026
OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas...
Moderate
Unreviewed
CVE-2026-62215
was published
Jul 17, 2026
OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the...
Moderate
Unreviewed
CVE-2026-62211
was published
Jul 17, 2026
OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation...
Moderate
Unreviewed
CVE-2026-62214
was published
Jul 17, 2026
OpenClaw before 2026.5.28 contains a race condition in the MS Teams safeFetch DNS rebinding check...
Moderate
Unreviewed
CVE-2026-62212
was published
Jul 17, 2026
OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound...
Moderate
Unreviewed
CVE-2026-62213
was published
Jul 17, 2026
OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the...
Moderate
Unreviewed
CVE-2026-62208
was published
Jul 17, 2026
OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media...
Moderate
Unreviewed
CVE-2026-62210
was published
Jul 17, 2026
OpenClaw versions before 2026.6.9 contain a missing authorization vulnerability in Discord...
Moderate
Unreviewed
CVE-2026-62206
was published
Jul 17, 2026
OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability...
Moderate
Unreviewed
CVE-2026-62205
was published
Jul 17, 2026
The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in...
Moderate
Unreviewed
CVE-2026-2594
was published
Jul 17, 2026
ProTip!
Advisories are also available from the
GraphQL API