Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

101 advisories

Loading
Apache Tomcat - Security constraints not correctly applied Critical
CVE-2026-43515 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 12, 2026
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information... Critical Unreviewed
CVE-2026-33823 was published May 8, 2026
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP... Critical Unreviewed
CVE-2026-30496 was published May 7, 2026
Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys Critical
GHSA-47wq-cj9q-wpmp was published for @paperclipai/server (npm) Apr 16, 2026
peaktwilight Credited to peaktwilight
Juju: CloudSpec method leaking cloud credentials Critical
CVE-2026-5412 was published for github.com/juju/juju (Go) Apr 10, 2026
alesstimec Credited to alesstimec, wallyworld, and hpidcock wallyworld wallyworld
hpidcock hpidcock
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity Critical
CVE-2026-33950 was published for signalk-server (npm) Apr 3, 2026
VashuVats Credited to VashuVats
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges... Critical Unreviewed
CVE-2026-32213 was published Apr 3, 2026
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to... Critical Unreviewed
CVE-2026-33105 was published Apr 3, 2026
gRPC-Go has an authorization bypass via missing leading slash in :path Critical
CVE-2026-33186 was published for google.golang.org/grpc (Go) Mar 18, 2026
MariuszMaik Credited to MariuszMaik
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication... Critical Unreviewed
CVE-2026-30702 was published Mar 18, 2026
OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes Critical
CVE-2026-32916 was published for openclaw (npm) Mar 13, 2026
tdjackey Credited to tdjackey
OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover Critical
CVE-2026-30956 was published for @oneuptime/common (npm) Mar 10, 2026
Zwique Credited to Zwique
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage Critical
CVE-2026-30869 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 7, 2026
Zwique Credited to Zwique
Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk... Critical Unreviewed
CVE-2026-30793 was published Mar 5, 2026
Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) Critical
CVE-2022-31247 was published for github.com/rancher/rancher (Go) Mar 3, 2026
OpenClaw has a potential access-group authorization bypass if channel type lookup fails Critical
CVE-2026-28454 was published for openclaw (npm) Feb 17, 2026
simecek Credited to simecek and stanislavfortaisle stanislavfortaisle stanislavfortaisle
FUXA Unauthenticated Remote Code Execution via Admin JWT Minting Critical
CVE-2026-25893 was published for fuxa-server (npm) Feb 5, 2026
wodzen Credited to wodzen
It was identified that under certain specific preconditions, an API key that was originally... Critical Unreviewed
CVE-2024-37282 was published Jan 30, 2026
Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2026-24305 was published Jan 23, 2026
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2025-65041 was published Dec 19, 2025
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers... Critical Unreviewed
CVE-2023-53895 was published Dec 16, 2025
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not... Critical Unreviewed
CVE-2025-58386 was published Dec 2, 2025
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System... Critical Unreviewed
CVE-2025-63691 was published Nov 7, 2025
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view Critical
CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025
An authorization issue was addressed with improved state management. This issue is fixed in tvOS... Critical Unreviewed
CVE-2025-31255 was published Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database