GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
13,625 advisories
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific...
Low | Unreviewed | CVE-2026-35094 was published Apr 1, 2026
OpenClaw affected by SSRF via unguarded image download in fal provider
Low | GHSA-qxgf-hmcj-3xw3 was published for openclaw (npm) Apr 1, 2026
OpenClaw SSRF guard misses four IPv6 special-use ranges
Low | GHSA-g86v-f9qv-rh6m was published for openclaw (npm) Mar 31, 2026
Graby has stored XSS via iframe srcdoc Attribute in htmLawed Sanitization Config
Low | GHSA-3h6j-9x8m-rg3g was published for j0k3r/graby (Composer) Mar 31, 2026
Nautobot: Management of users via REST API does not apply configured password validators
Low | CVE-2026-34203 was published for nautobot (pip) Mar 31, 2026
A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall...
Low | Unreviewed | CVE-2026-3469 was published Mar 31, 2026
A vulnerability exists in the SonicWall Email Security appliance due to improper input...
Low | Unreviewed | CVE-2026-3470 was published Mar 31, 2026
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams...
Low | Unreviewed | CVE-2026-34506 was published Mar 31, 2026
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams...
Low | Unreviewed | CVE-2026-34509 was published Mar 31, 2026
When the internal webserver is enabled (default is disabled), an attacker might be able to trick...
Low | Unreviewed | CVE-2026-0397 was published Mar 31, 2026
An attacker might be able to inject HTML content into the internal web dashboard by sending...
Low | Unreviewed | CVE-2026-0396 was published Mar 31, 2026
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local...
Low | Unreviewed | CVE-2026-32970 was published Mar 31, 2026
Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow...
Low | Unreviewed | CVE-2026-4794 was published Mar 31, 2026
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is...
Low | Unreviewed | CVE-2026-5115 was published Mar 31, 2026
A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()`...
Low | Unreviewed | CVE-2026-21715 was published Mar 30, 2026
An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the...
Low | Unreviewed | CVE-2026-21716 was published Mar 30, 2026
go-git missing validation decoding Index v4 files leads to panic
Low | CVE-2026-33762 was published for github.com/go-git/go-git/v5 (Go) Mar 30, 2026
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the...
Low | Unreviewed | CVE-2026-28528 was published Mar 30, 2026
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the...
Low | Unreviewed | CVE-2026-28526 was published Mar 30, 2026
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the...
Low | Unreviewed | CVE-2026-28527 was published Mar 30, 2026
A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function...
Low | Unreviewed | CVE-2026-5107 was published Mar 30, 2026
Hardcoded Password Vulnerability has been found in CENTUM. Affected products contain a hardcoded...
Low | Unreviewed | CVE-2025-7741 was published Mar 30, 2026
Parse Server has an MFA single-use token bypass via concurrent authData login requests
Low | CVE-2026-34224 was published for parse-server (npm) Mar 29, 2026
Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)
Low | GHSA-53p3-c7vp-4mcc was published for action_text-trix (RubyGems) Mar 29, 2026
Handlebars.js has a Property Access Validation Bypass in container.lookup
Low | GHSA-442j-39wm-28r2 was published for handlebars (npm) Mar 29, 2026
ProTip! Advisories are also available from the GraphQL API