Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
Spinnaker: RCE via expression parsing due to unrestricted context handling Critical
CVE-2026-32613 was published for io.spinnaker.echo:echo-pipelinetriggers (Maven) Apr 21, 2026
LeftenantZero Credited to LeftenantZero and jasonmcintosh jasonmcintosh jasonmcintosh
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths Critical
CVE-2026-32604 was published for io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo (Maven) Apr 21, 2026
LeftenantZero Credited to LeftenantZero and jasonmcintosh jasonmcintosh jasonmcintosh
OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access High
CVE-2026-28458 was published for moltbot (npm) Feb 17, 2026
johnatzeropath Credited to johnatzeropath, LeftenantZero, and yueyueL LeftenantZero LeftenantZero
yueyueL yueyueL
Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host Moderate
CVE-2026-25492 was published for craftcms/craft (Composer) Feb 9, 2026
LeftenantZero Credited to LeftenantZero
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database