GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,967
Maven: 5,000+
npm: 5,000+
NuGet: 973
pip: 5,000+
Pub: 13
RubyGems: 1,064
Rust: 1,387
Swift: 56

Unreviewed advisories
All unreviewed: 5,000+
701 advisories
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software...
High | Unreviewed | CVE-2026-2339 was published Mar 10, 2026

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized...
High | Unreviewed | CVE-2026-23662 was published Mar 10, 2026

FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info
High | CVE-2026-30933 was published for github.com/gtsteffaniak/filebrowser/backend (Go) | Mar 9, 2026

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing...
High | Unreviewed | CVE-2026-25071 was published Mar 7, 2026

Flowise Missing Authentication on NVIDIA NIM Endpoints
High | CVE-2026-30824 was published for flowise (npm) | Mar 6, 2026

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication...
High | Unreviewed | CVE-2026-2754 was published Mar 6, 2026

Payment Orchestrator Service Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2026-26125 was published Mar 6, 2026

Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk...
High | Unreviewed | CVE-2026-30784 was published Mar 5, 2026

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables...
High | Unreviewed | CVE-2026-1775 was published Mar 4, 2026

OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure
High | CVE-2026-32041 was published for openclaw (npm) | Mar 2, 2026

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
High | CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) | Feb 27, 2026

The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some...
High | Unreviewed | CVE-2025-15509 was published Feb 27, 2026

Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS...
High | Unreviewed | CVE-2026-27509 was published Feb 26, 2026

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP...
High | Unreviewed | CVE-2026-26340 was published Feb 24, 2026

The underlying PLC of the device can be remotely influenced, without proper safeguards or...
High | Unreviewed | CVE-2026-24790 was published Feb 20, 2026

The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management...
High | Unreviewed | CVE-2026-26048 was published Feb 20, 2026

Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated...
High | Unreviewed | CVE-2026-27182 was published Feb 19, 2026

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux...
High | Unreviewed | CVE-2025-1272 was published Feb 18, 2026

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time...
High | Unreviewed | CVE-2025-70147 was published Feb 18, 2026

OpenClaw has an authentication bypass in sandbox browser bridge server
High | CVE-2026-28468 was published for openclaw (npm) | Feb 18, 2026

OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests
High | CVE-2026-26319 was published for openclaw (npm) | Feb 17, 2026

OpenClaw has a webhook auth bypass when gateway is behind a reverse proxy (loopback remoteAddress trust)
High | CVE-2026-29613 was published for openclaw (npm) | Feb 17, 2026

OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access
High | CVE-2026-28458 was published for moltbot (npm) | Feb 17, 2026

Unauthenticated Admission Webhook Endpoints in Yoke ATC
High | CVE-2026-26055 was published for github.com/yokecd/yoke (Go) | Feb 12, 2026

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows...
High | Unreviewed | CVE-2026-26235 was published Feb 12, 2026