GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,022
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,403
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

72 advisories

Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse
Moderate • GHSA-pw6j-qg29-8w7f was published for tornado (pip) • Jun 15, 2026

On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features...
High • Unreviewed • CVE-2026-2379 was published • Jun 5, 2026

Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to...
Moderate • Unreviewed • CVE-2026-33463 was published • May 28, 2026

Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields
Low • CVE-2026-4053 was published for github.com/mattermost/mattermost-server (Go) • May 15, 2026

Duplicate Advisory: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload
Moderate • GHSA-v8j2-5f9p-fmh4 was published for openclaw (npm) • May 11, 2026 • withdrawn

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores...
Critical • Unreviewed • CVE-2013-10075 was published • May 8, 2026

Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Critical • GHSA-m8wm-r5vq-qjpg was published for openclaw (npm) • May 6, 2026 • withdrawn

OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Critical • CVE-2026-43585 was published for openclaw (npm) • Apr 17, 2026

Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached permalink preview data when a...
Moderate • Unreviewed • CVE-2026-1629 was published • Mar 16, 2026

Parse Server's MFA recovery codes not consumed after use
High • CVE-2026-31875 was published for parse-server (npm) • Mar 11, 2026

In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device...
High • Unreviewed • CVE-2025-69415 was published • Jan 2, 2026

In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of...
Low • Unreviewed • CVE-2025-64686 was published • Nov 10, 2025

When passing through PCI devices, the detach logic in libxl won't remove access permissions to...
High • Unreviewed • CVE-2025-58149 was published • Oct 31, 2025

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are...
High • Unreviewed • CVE-2025-55669 was published • Oct 15, 2025

MongoDB Server may allow upsert operations retried within a transaction to violate unique index...
Moderate • Unreviewed • CVE-2025-10060 was published • Sep 5, 2025

In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure...
High • Unreviewed • CVE-2025-39698 was published • Sep 5, 2025

Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety
Low • GHSA-655h-hg88-5qmf was published for xcb (Rust) • Aug 22, 2025

Wasmtime CLI is vulnerable to host panic through its fd_renumber function
Low • CVE-2025-53901 was published for wasmtime (Rust) • Jul 18, 2025

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of...
High • Unreviewed • CVE-2025-6031 was published • Jun 12, 2025

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and...
High • Unreviewed • CVE-2025-31253 was published • May 13, 2025

Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.
Low • Unreviewed • CVE-2025-2517 was published • Apr 21, 2025

array-init-cursor is unsound when used with types that implement `Drop`
Low • GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) • Mar 31, 2025

Suspended Directus user can continue to use session token to access API
Low • CVE-2025-30351 was published for @directus/api (npm) • Mar 26, 2025

Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A...
Moderate • Unreviewed • CVE-2025-21117 was published • Feb 5, 2025

In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a...
High • Unreviewed • CVE-2024-57929 was published • Jan 19, 2025

ProTip! Advisories are also available from the GraphQL API