GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,048 advisories
Filter by severity
A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function...
Moderate
Unreviewed
CVE-2026-5246
was published
Apr 2, 2026
Parser Server's streaming file download bypasses afterFind file trigger authorization
High
CVE-2026-34784
was published
for
parse-server
(npm)
Apr 1, 2026
AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Moderate
CVE-2026-34738
was published
for
wwbn/avideo
(Composer)
Apr 1, 2026
Open WebUI has Broken Access Control in Tool Valves
High
CVE-2026-34222
was published
for
open-webui
(pip)
Apr 1, 2026
Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote...
Moderate
Unreviewed
CVE-2026-5283
was published
Apr 1, 2026
SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking
High
CVE-2026-32716
was published
for
scitokens
(pip)
Mar 31, 2026
baserCMS has Mail Form Acceptance Bypass via Public API
Moderate
CVE-2026-30878
was published
for
baserproject/basercms
(Composer)
Mar 31, 2026
In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users...
Moderate
Unreviewed
CVE-2026-4818
was published
Mar 31, 2026
The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2026-1710
was published
Mar 31, 2026
OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy
Moderate
CVE-2026-35620
was published
for
openclaw
(npm)
Mar 30, 2026
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
Moderate
CVE-2026-35661
was published
for
openclaw
(npm)
Mar 29, 2026
Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)
High
GHSA-46wh-3698-f2cx
was published
for
github.com/traefik/traefik/v2
(Go)
Mar 29, 2026
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High
Unreviewed
CVE-2026-4248
was published
Mar 28, 2026
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer...
Low
Unreviewed
CVE-2026-4958
was published
Mar 27, 2026
OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision
Moderate
CVE-2026-35635
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Moderate
CVE-2026-35662
was published
for
openclaw
(npm)
Mar 26, 2026
Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions
Moderate
CVE-2026-21724
was published
for
github.com/grafana/grafana
(Go)
Mar 26, 2026
OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Low
CVE-2026-35649
was published
for
openclaw
(npm)
Mar 26, 2026
OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions
Moderate
CVE-2026-35652
was published
for
openclaw
(npm)
Mar 26, 2026
Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation
High
CVE-2026-33680
was published
for
code.vikunja.io/api
(Go)
Mar 25, 2026
Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect
High
CVE-2026-33668
was published
for
code.vikunja.io/api
(Go)
Mar 25, 2026
An authorization issue was addressed with improved state management. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2026-28845
was published
Mar 25, 2026
An authentication issue was addressed with improved state management. This issue is fixed in iOS...
High
Unreviewed
CVE-2026-28865
was published
Mar 25, 2026
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS...
Moderate
Unreviewed
CVE-2026-28839
was published
Mar 25, 2026
A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4....
Moderate
Unreviewed
CVE-2026-28881
was published
Mar 25, 2026
ProTip!
Advisories are also available from the
GraphQL API