GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (by ecosystem)
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 45
Go: 3,232
Maven: 5,000+
npm: 5,000+
NuGet: 864
pip: 4,505
Pub: 12
RubyGems: 996
Rust: 1,189
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
13,516 advisories
OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass...
Low, Unreviewed: CVE-2026-31996 was published on Mar 19, 2026

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal...
Low, Unreviewed: CVE-2026-31991 was published on Mar 19, 2026

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field...
Low, Unreviewed: CVE-2026-4407 was published on Mar 19, 2026

pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
Low, Unreviewed: CVE-2026-3479 was published on Mar 18, 2026

Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload
Low: CVE-2026-33221 was published for github.com/nhost/nhost (Go) on Mar 18, 2026

mo has a XSS via inline SVG script tags in Markdown rendering
Low: GHSA-vccx-p757-pv6h was published for github.com/k1LoW/mo (Go) on Mar 18, 2026

Improper detection of disallowed URIs by Loofah `allowed_uri?`
Low: GHSA-46fp-8f5p-pf2m was published for loofah (RubyGems) on Mar 18, 2026

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical...
Low, Unreviewed: CVE-2025-31703 was published on Mar 18, 2026

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP...
Low, Unreviewed: CVE-2026-4359 was published on Mar 17, 2026

astral-tokio-tar insufficiently validates PAX extensions during extraction
Low: CVE-2026-32766 was published for astral-tokio-tar (Rust) on Mar 17, 2026

Parse Server has a password reset token single-use bypass via concurrent requests
Low: CVE-2026-32943 was published for parse-server (npm) on Mar 17, 2026

Next.js: null origin can bypass dev HMR websocket CSRF checks
Low: CVE-2026-27977 was published for next (npm) on Mar 17, 2026

HCL Sametime is vulnerable to broken server-side validation. While the application performs...
Low, Unreviewed: CVE-2025-31966 was published on Mar 17, 2026

A flaw was found in libsoup, a library used by applications to send network requests. This...
Low, Unreviewed: CVE-2026-3632 was published on Mar 17, 2026

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type...
Low, Unreviewed: CVE-2026-3634 was published on Mar 17, 2026

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the ...
Low, Unreviewed: CVE-2026-3633 was published on Mar 17, 2026

Broken Access Control in extension "Redirect Tab" (redirect_tab)
Low: CVE-2026-4202 was published for ayacoo/redirect-tab (Composer) on Mar 17, 2026

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an...
Low, Unreviewed: CVE-2026-3237 was published on Mar 17, 2026

Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the...
Low, Unreviewed: CVE-2026-26230 was published on Mar 16, 2026

A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on...
Low, Unreviewed: CVE-2026-4250 was published on Mar 16, 2026

A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this...
Low, Unreviewed: CVE-2026-4251 was published on Mar 16, 2026

Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
Low: CVE-2026-32266 was published for craftcms/google-cloud (Composer) on Mar 16, 2026

Stored XSS in Memray-generated HTML reports via unescaped command-line metadata
Low: CVE-2026-32722 was published for memray (pip) on Mar 16, 2026

XSS in @leanprover/unicode-input-component
Low: CVE-2026-32732 was published for @leanprover/unicode-input-component (npm) on Mar 16, 2026

StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens
Low: CVE-2026-32638 was published for studiocms (npm) on Mar 16, 2026

ProTip! Advisories are also available from the GraphQL API.