GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 41
Go: 3,058
Maven: 5,000+
npm: 4,845
NuGet: 825
pip: 4,397
Pub: 12
RubyGems: 988
Rust: 1,147
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
318,198 advisories
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow...
Moderate | Unreviewed | CVE-2026-3449 was published Mar 3, 2026

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via...
Moderate | Unreviewed | CVE-2026-3455 was published Mar 3, 2026

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User...
Critical | Unreviewed | CVE-2026-1492 was published Mar 3, 2026

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of ...
Critical | Unreviewed | CVE-2026-24107 was published Mar 2, 2026

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function...
Moderate | Unreviewed | CVE-2026-1691 was published Jan 30, 2026

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions...
High | Unreviewed | CVE-2026-1585 was published Feb 27, 2026

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability...
Critical | Unreviewed | CVE-2026-24108 was published Mar 2, 2026

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on...
Moderate | Unreviewed | CVE-2025-47147 was published Mar 3, 2026

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable...
Critical | Unreviewed | CVE-2026-2628 was published Mar 3, 2026

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all...
High | Unreviewed | CVE-2026-2448 was published Mar 3, 2026

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin...
High | Unreviewed | CVE-2026-2269 was published Mar 3, 2026

An embedded test key and certificate could be extracted from a Poly Voice device using...
High | Unreviewed | CVE-2026-0754 was published Mar 3, 2026

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged...
Low | Unreviewed | CVE-2026-20757 was published Mar 3, 2026

Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher...
Moderate | Unreviewed | CVE-2026-20801 was published Mar 3, 2026

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
Moderate | Unreviewed | CVE-2026-1487 was published Mar 3, 2026

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4...
High | Unreviewed | CVE-2025-12773 was published Feb 3, 2026

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows...
Critical | Unreviewed | CVE-2025-11165 was published Feb 24, 2026

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key...
High | Unreviewed | CVE-2025-12679 was published Feb 3, 2026

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection...
Moderate | Unreviewed | CVE-2025-12774 was published Feb 3, 2026

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby...
Moderate | Unreviewed | CVE-2025-12680 was published Feb 3, 2026

OpenClaw: macOS optional allowlist basename matching could bypass path-based policy
Moderate | GHSA-7f4q-9rqh-x36p was published for openclaw (npm) Mar 3, 2026

OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)
Moderate | GHSA-2fgq-7j6h-9rm4 was published for openclaw (npm) Mar 3, 2026

OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy
High | GHSA-r65x-2hqr-j5hf was published for openclaw (npm) Mar 3, 2026

OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state
Moderate | GHSA-6g25-pc82-vfwp was published for openclaw (npm) Mar 3, 2026

OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants
Moderate | GHSA-5847-rm3g-23mw was published for openclaw (npm) Mar 3, 2026

ProTip! Advisories are also available from the GraphQL API.