Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
58
GitHub Actions
50
Go
3,799
Maven
5,000+
npm
5,000+
NuGet
938
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,351
Swift
54
Unreviewed advisories
All unreviewed
5,000+

957 advisories

Loading
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol Low
CVE-2026-2733 was published for org.keycloak:keycloak-services (Maven) Feb 19, 2026
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is... High Unreviewed
CVE-2025-4521 was published Feb 19, 2026
OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands High
CVE-2026-28392 was published for openclaw (npm) Feb 18, 2026
christos-eth Credited to christos-eth
OpenClaw Twitch allowFrom is not enforced in optional plugin, unauthorized chat users can trigger agent pipeline High
CVE-2026-28448 was published for openclaw (npm) Feb 17, 2026
MegaManSec Credited to MegaManSec
OpenClaw has a potential access-group authorization bypass if channel type lookup fails Critical
CVE-2026-28454 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering Moderate
CVE-2026-28450 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
An authorization issue was addressed with improved state management. This issue is fixed in iOS... Moderate Unreviewed
CVE-2026-20661 was published Feb 12, 2026
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and... Low Unreviewed
CVE-2026-20656 was published Feb 12, 2026
An authorization issue was addressed with improved state management. This issue is fixed in macOS... Moderate Unreviewed
CVE-2026-20666 was published Feb 12, 2026
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before... High Unreviewed
CVE-2024-50617 was published Feb 12, 2026
An authorization issue was addressed with improved state management. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43403 was published Feb 12, 2026
Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within... Moderate Unreviewed
CVE-2025-30508 was published Feb 10, 2026
Claude Code has Permission Deny Bypass Through Symbolic Links Low
CVE-2026-25724 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
FUXA Unauthenticated Remote Code Execution via Admin JWT Minting Critical
CVE-2026-25893 was published for fuxa-server (npm) Feb 5, 2026
wodzen Credited to wodzen
It was identified that under certain specific preconditions, an API key that was originally... Critical Unreviewed
CVE-2024-37282 was published Jan 30, 2026
The web interface offers a functionality to export the internal SQLite database. After executing... Moderate Unreviewed
CVE-2025-59100 was published Jan 26, 2026
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing) Moderate
CVE-2026-24421 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
Brahim-Fouad Credited to Brahim-Fouad
Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2026-24305 was published Jan 23, 2026
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin High
CVE-2026-22022 was published for org.apache.solr:solr-core (Maven) Jan 21, 2026
HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass... High Unreviewed
CVE-2026-21641 was published Jan 20, 2026
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and... Moderate Unreviewed
CVE-2025-14348 was published Jan 20, 2026
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over... High Unreviewed
CVE-2026-20960 was published Jan 17, 2026
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed... Moderate Unreviewed
CVE-2026-22641 was published Jan 15, 2026
Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field High
CVE-2026-22033 was published for label-studio (pip) Jan 12, 2026
david3107 Credited to david3107
RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation Moderate
CVE-2026-22042 was published for rustfs (Rust) Jan 8, 2026
Threonine Credited to Threonine
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database