GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
Sylius: Cart FormComponent allows modification or deletion of an already-completed order
Moderate
CVE-2026-53637
was published
for
sylius/sylius
(Composer)
Jul 9, 2026
Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
Low
GHSA-2vg6-77g8-24mp
was published
for
@better-auth/scim
(npm)
Jul 7, 2026
Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an...
Moderate
Unreviewed
CVE-2026-58291
was published
Jul 3, 2026
zebrad has persistent on-disk corruption of Sapling/Orchard subtree roots after chain fork via pop_tip
Moderate
CVE-2026-52733
was published
for
zebra-state
(Rust)
Jul 2, 2026
Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse
Moderate
GHSA-pw6j-qg29-8w7f
was published
for
tornado
(pip)
Jun 15, 2026
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features...
High
Unreviewed
CVE-2026-2379
was published
Jun 5, 2026
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to...
Moderate
Unreviewed
CVE-2026-33463
was published
May 28, 2026
Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields
Low
CVE-2026-4053
was published
for
github.com/mattermost/mattermost-server
(Go)
May 15, 2026
Duplicate Advisory: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload
Moderate
GHSA-v8j2-5f9p-fmh4
was published
for
openclaw
(npm)
May 11, 2026
•
withdrawn
Apache::Session versions through 1.94 for Perl re-creates deleted sessions.
The session stores...
Critical
Unreviewed
CVE-2013-10075
was published
May 8, 2026
Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Critical
GHSA-m8wm-r5vq-qjpg
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Critical
CVE-2026-43585
was published
for
openclaw
(npm)
Apr 17, 2026
Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached permalink preview data when a...
Moderate
Unreviewed
CVE-2026-1629
was published
Mar 16, 2026
Parse Server's MFA recovery codes not consumed after use
High
CVE-2026-31875
was published
for
parse-server
(npm)
Mar 11, 2026
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix...
High
Unreviewed
CVE-2026-23111
was published
Feb 13, 2026
In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device...
High
Unreviewed
CVE-2025-69415
was published
Jan 2, 2026
In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of...
Low
Unreviewed
CVE-2025-64686
was published
Nov 10, 2025
When passing through PCI devices, the detach logic in libxl won't remove
access permissions to...
High
Unreviewed
CVE-2025-58149
was published
Oct 31, 2025
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are...
High
Unreviewed
CVE-2025-55669
was published
Oct 15, 2025
MongoDB Server may allow upsert operations retried within a transaction to violate unique index...
Moderate
Unreviewed
CVE-2025-10060
was published
Sep 5, 2025
In the Linux kernel, the following vulnerability has been resolved:
io_uring/futex: ensure...
High
Unreviewed
CVE-2025-39698
was published
Sep 5, 2025
Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety
Low
GHSA-655h-hg88-5qmf
was published
for
xcb
(Rust)
Aug 22, 2025
Wasmtime CLI is vulnerable to host panic through its fd_renumber function
Low
CVE-2025-53901
was published
for
wasmtime
(Rust)
Jul 18, 2025
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of...
High
Unreviewed
CVE-2025-6031
was published
Jun 12, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and...
High
Unreviewed
CVE-2025-31253
was published
May 13, 2025
ProTip!
Advisories are also available from the
GraphQL API