Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

445 advisories

Loading
baserCMS has Mail Form Acceptance Bypass via Public API Moderate
CVE-2026-30878 was published for baserproject/basercms (Composer) Mar 31, 2026
melonattacker Credited to melonattacker
In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users... Moderate Unreviewed
CVE-2026-4818 was published Mar 31, 2026
The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2026-1710 was published Mar 31, 2026
OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy Moderate
GHSA-39mp-545q-w789 was published for openclaw (npm) Mar 30, 2026
tdjackey Credited to tdjackey
OpenFGA Authorization Bypass Moderate
CVE-2025-48371 was published for github.com/openfga/openfga (Go) May 23, 2025
udyvish Credited to udyvish
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Moderate
GHSA-j4c9-w69r-cw33 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
NATS JetStream has an authorization bypass through its Management API Moderate
CVE-2026-33222 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
A vulnerability has been discovered in Grafana OSS where an authorization bypass in the... Moderate Unreviewed
CVE-2026-21724 was published Mar 26, 2026
OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision Moderate
GHSA-rqp8-q22p-5j9q was published for openclaw (npm) Mar 26, 2026
tdjackey Credited to tdjackey
OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions Moderate
GHSA-x2cm-hg9c-mf5w was published for openclaw (npm) Mar 26, 2026
space08 Credited to space08
OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions Moderate
GHSA-8883-9w57-vwv6 was published for openclaw (npm) Mar 26, 2026
zpbrent Credited to zpbrent
A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4.... Moderate Unreviewed
CVE-2026-28881 was published Mar 25, 2026
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS... Moderate Unreviewed
CVE-2026-28839 was published Mar 25, 2026
An authorization issue was addressed with improved state management. This issue is fixed in macOS... Moderate Unreviewed
CVE-2026-28845 was published Mar 25, 2026
Craft CMS has an authorization bypass which allows any control panel user to move entries without permissions Moderate
CVE-2026-33162 was published for craftcms/cms (Composer) Mar 24, 2026
GCXWLP Credited to GCXWLP
OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access Moderate
CVE-2026-32034 was published for openclaw (npm) Mar 3, 2026
Vasco0x4 Credited to Vasco0x4
PowerSync: Some sync filters ignored on 1.20.0 using `config.edition: 3` Moderate
CVE-2026-30870 was published for @powersync/service-core (npm) Mar 7, 2026
rkistner Credited to rkistner
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews,... Moderate Unreviewed
CVE-2025-10731 was published Mar 23, 2026
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews,... Moderate Unreviewed
CVE-2025-10736 was published Mar 23, 2026
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the... Moderate Unreviewed
CVE-2026-4563 was published Mar 23, 2026
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is... Moderate Unreviewed
CVE-2026-2294 was published Mar 21, 2026
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an... Moderate Unreviewed
CVE-2024-21987 was published Feb 16, 2024
An incorrect authorization vulnerability has been reported to affect several QNAP operating... Moderate Unreviewed
CVE-2023-32967 was published Feb 2, 2024
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB Moderate
CVE-2026-32704 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 13, 2026
fg0x0 Credited to fg0x0
A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1.... Moderate Unreviewed
CVE-2026-4171 was published Mar 16, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database