Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

93 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk... Critical Unreviewed
CVE-2026-30793 was published Mar 5, 2026
gRPC-Go has an authorization bypass via missing leading slash in :path Critical
CVE-2026-33186 was published for google.golang.org/grpc (Go) Mar 18, 2026
MariuszMaik Credited to MariuszMaik
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication... Critical Unreviewed
CVE-2026-30702 was published Mar 18, 2026
OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes Critical
GHSA-xw77-45gv-p728 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover Critical
CVE-2026-30956 was published for @oneuptime/common (npm) Mar 10, 2026
Zwique Credited to Zwique
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage Critical
CVE-2026-30869 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 7, 2026
Zwique Credited to Zwique
OpenClaw has a potential access-group authorization bypass if channel type lookup fails Critical
CVE-2026-28454 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) Critical
CVE-2022-31247 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try Credited to cold-try and Wenxin-Jiang Wenxin-Jiang Wenxin-Jiang
FUXA Unauthenticated Remote Code Execution via Admin JWT Minting Critical
CVE-2026-25893 was published for fuxa-server (npm) Feb 5, 2026
wodzen Credited to wodzen
It was identified that under certain specific preconditions, an API key that was originally... Critical Unreviewed
CVE-2024-37282 was published Jan 30, 2026
Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2026-24305 was published Jan 23, 2026
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi Credited to hakivvi, lucasmrod, getvictor, rh-colbymorgan, and jeffssh lucasmrod lucasmrod
getvictor getvictor rh-colbymorgan rh-colbymorgan jeffssh jeffssh
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2025-65041 was published Dec 19, 2025
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers... Critical Unreviewed
CVE-2023-53895 was published Dec 16, 2025
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not... Critical Unreviewed
CVE-2025-58386 was published Dec 2, 2025
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System... Critical Unreviewed
CVE-2025-63691 was published Nov 7, 2025
An authorization issue was addressed with improved state management. This issue is fixed in tvOS... Critical Unreviewed
CVE-2025-31255 was published Sep 16, 2025
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view Critical
CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ... Critical Unreviewed
CVE-2021-28799 was published May 24, 2022
In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control,... Critical Unreviewed
CVE-2024-9095 was published Mar 20, 2025
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2025-53795 was published Aug 21, 2025
The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to... Critical Unreviewed
CVE-2025-7778 was published Aug 15, 2025
Azure Portal Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-53792 was published Aug 7, 2025
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed
CVE-2025-49746 was published Jul 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database