Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

10,298 advisories

Loading
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as... Moderate Unreviewed
CVE-2023-5992 was published Jan 31, 2024
OpenClaw: Message action attachment hydration bypasses local media root checks when sandboxRoot is unset High
CVE-2026-27522 was published for openclaw (npm) Mar 2, 2026
GCXWLP Credited to GCXWLP
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` Critical
CVE-2026-32633 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service Critical
CVE-2026-32938 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 17, 2026
TCOTC Credited to TCOTC, YuxinZhaozyx, and 88250 YuxinZhaozyx YuxinZhaozyx
88250 88250
HAPI FHIR HTTP authentication leak in redirects Critical
CVE-2026-33180 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 18, 2026
ElliotSilver Credited to ElliotSilver
Parse Server leaks protected fields via LiveQuery afterEvent trigger High
CVE-2026-33163 was published for parse-server (npm) Mar 18, 2026
mtrezza Credited to mtrezza
FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info High
CVE-2026-30933 was published for github.com/gtsteffaniak/filebrowser/backend (Go) Mar 9, 2026
mdcoxe Credited to mdcoxe
Broken Access Control in extension "Redirect Tab" (redirect_tab) Low
CVE-2026-4202 was published for ayacoo/redirect-tab (Composer) Mar 17, 2026
Sensitive information disclosure due to excessive collection of system information. The following... Low Unreviewed
CVE-2023-48680 was published Feb 27, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch Low
CVE-2024-24758 was published for undici (npm) Feb 16, 2024
T1m0n0 Credited to T1m0n0 and mcollina mcollina mcollina
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive... Moderate Unreviewed
CVE-2026-1267 was published Mar 18, 2026
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata... Moderate Unreviewed
CVE-2025-9572 was published Feb 27, 2026
AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php Moderate
CVE-2026-33041 was published for wwbn/avideo (Composer) Mar 17, 2026
offensiveee Credited to offensiveee
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc.... Moderate Unreviewed
CVE-2026-24498 was published Feb 27, 2026
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature.... Low Unreviewed
CVE-2025-52649 was published Mar 16, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation... Low Unreviewed
CVE-2025-61639 was published Feb 3, 2026
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function... Moderate Unreviewed
CVE-2026-2861 was published Feb 21, 2026
Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability Low
CVE-2026-32266 was published for craftcms/google-cloud (Composer) Mar 16, 2026
Amazon S3 for Craft CMS has an Information Disclosure vulnerability Moderate
CVE-2026-32265 was published for craftcms/aws-s3 (Composer) Mar 16, 2026
Neosprings Credited to Neosprings
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials High
CVE-2026-32609 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Glances exposes the REST API without authentication High
CVE-2026-32596 was published for Glances (pip) Mar 16, 2026
DhiyaneshGeek Credited to DhiyaneshGeek
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown... Low Unreviewed
CVE-2026-4218 was published Mar 16, 2026
Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which... High Unreviewed
CVE-2026-2476 was published Mar 16, 2026
A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2... Moderate Unreviewed
CVE-2018-20811 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce... Moderate Unreviewed
CVE-2024-1436 was published Feb 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database