Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths High
CVE-2026-32036 was published for openclaw (npm) Mar 3, 2026
zpbrent Credited to zpbrent
Soft Serve Affected by an Authentication Bypass High
CVE-2026-24058 was published for github.com/charmbracelet/soft-serve (Go) Jan 21, 2026
juancabe Credited to juancabe and aymanbagabas aymanbagabas aymanbagabas
Spring Security annotation detection mechanism has authorization bypass High
CVE-2025-41248 was published for org.springframework.security:spring-security-core (Maven) Sep 16, 2025
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
jderusse Credited to jderusse, m0xr4, and stof m0xr4 m0xr4
stof stof
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Kentor.AuthServices (NuGet) Sep 20, 2023
c53robin Credited to c53robin
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database