Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the... Low Unreviewed
CVE-2026-4549 was published Mar 22, 2026
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an... Low Unreviewed
CVE-2026-3237 was published Mar 17, 2026
Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning Low
GHSA-q926-c743-49qj was published for github.com/centrifugal/centrifugo/v6 (Go) Mar 13, 2026
VarshankNaik Credited to VarshankNaik
OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains Low
CVE-2026-31993 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
PSI Probe: Broken access control can lead to DoS Low
CVE-2026-3269 was published for com.github.psi-probe:psi-probe-core (Maven) Feb 27, 2026
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability... Low Unreviewed
CVE-2026-2974 was published Feb 23, 2026
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol Low
CVE-2026-2733 was published for org.keycloak:keycloak-services (Maven) Feb 19, 2026
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and... Low Unreviewed
CVE-2026-20656 was published Feb 12, 2026
Claude Code has Permission Deny Bypass Through Symbolic Links Low
CVE-2026-25724 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized... Low Unreviewed
CVE-2025-12958 was published Jan 7, 2026
A vulnerability was identified in fushengqian fuint up to... Low Unreviewed
CVE-2025-12623 was published Nov 3, 2025
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address... Low Unreviewed
CVE-2025-11244 was published Oct 25, 2025
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg Credited to SimonTheLeg and embik embik embik
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of... Low Unreviewed
CVE-2025-4654 was published Jul 2, 2025
The lesscss script service allows cache clearing without programming right Low
CVE-2025-32972 was published for org.xwiki.platform:xwiki-platform-lesscss-script (Maven) Apr 29, 2025
Improper authorization in application password policy in Devolutions Remote Desktop Manager on... Low Unreviewed
CVE-2025-2528 was published Mar 26, 2025
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could... Low Unreviewed
CVE-2020-9081 was published Dec 27, 2024
Access permission verification vulnerability in the Notepad module Impact: Successful... Low Unreviewed
CVE-2024-42036 was published Aug 8, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Low
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline Low
CVE-2024-30260 was published for undici (npm) Apr 4, 2024
The Gotham video-application-server service contained a race condition which would cause it to... Low Unreviewed
CVE-2023-30954 was published Nov 15, 2023
Sensitive information disclosure and manipulation due to improper authorization. The following... Low Unreviewed
CVE-2023-44154 was published Sep 27, 2023
An attacker with local access to the machine could record the traffic, which could allow them... Low Unreviewed
CVE-2023-24476 was published Jun 8, 2023
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to... Low Unreviewed
CVE-2022-4062 was published Feb 1, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database