GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
109 advisories
Filter by severity
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected...
Critical
Unreviewed
CVE-2026-7663
was published
Jun 30, 2026
Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
Critical
CVE-2026-55166
was published
for
lemur
(pip)
Jun 25, 2026
OpenAM Pre-auth User Profile Tampering via Anonymous SOAP Authn in Liberty IDPP/Discovery Endpoints
Critical
CVE-2026-45052
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jun 24, 2026
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass...
Critical
Unreviewed
CVE-2026-10580
was published
Jun 5, 2026
Shopper: Authorization bypass and RBAC privilege escalation in team settings
Critical
CVE-2026-47744
was published
for
shopper/framework
(Composer)
Jun 5, 2026
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose...
Critical
Unreviewed
CVE-2026-48579
was published
Jun 5, 2026
In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a...
Critical
Unreviewed
CVE-2026-0072
was published
Jun 1, 2026
stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Critical
GHSA-fp6w-8wpg-74g5
was published
for
stigmem-node
(pip)
May 29, 2026
Apache Tomcat - Security constraints not correctly applied
Critical
CVE-2026-43515
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 12, 2026
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information...
Critical
Unreviewed
CVE-2026-33823
was published
May 8, 2026
The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP...
Critical
Unreviewed
CVE-2026-30496
was published
May 7, 2026
Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
Critical
GHSA-47wq-cj9q-wpmp
was published
for
@paperclipai/server
(npm)
Apr 16, 2026
Juju: CloudSpec method leaking cloud credentials
Critical
CVE-2026-5412
was published
for
github.com/juju/juju
(Go)
Apr 10, 2026
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Critical
CVE-2026-33950
was published
for
signalk-server
(npm)
Apr 3, 2026
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges...
Critical
Unreviewed
CVE-2026-32213
was published
Apr 3, 2026
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to...
Critical
Unreviewed
CVE-2026-33105
was published
Apr 3, 2026
gRPC-Go has an authorization bypass via missing leading slash in :path
Critical
CVE-2026-33186
was published
for
google.golang.org/grpc
(Go)
Mar 18, 2026
The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication...
Critical
Unreviewed
CVE-2026-30702
was published
Mar 18, 2026
OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
Critical
CVE-2026-32916
was published
for
openclaw
(npm)
Mar 13, 2026
OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header that leads to cross‑tenant data exposure and account takeover
Critical
CVE-2026-30956
was published
for
@oneuptime/common
(npm)
Mar 10, 2026
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
Critical
CVE-2026-30869
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Mar 7, 2026
Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk...
Critical
Unreviewed
CVE-2026-30793
was published
Mar 5, 2026
Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)
Critical
CVE-2022-31247
was published
for
github.com/rancher/rancher
(Go)
Mar 3, 2026
OpenClaw has a potential access-group authorization bypass if channel type lookup fails
Critical
CVE-2026-28454
was published
for
openclaw
(npm)
Feb 17, 2026
FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Critical
CVE-2026-25893
was published
for
fuxa-server
(npm)
Feb 5, 2026
ProTip!
Advisories are also available from the
GraphQL API