GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
592 advisories
Filter by severity
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module...
Low
Unreviewed
CVE-2026-8651
was published
Jul 8, 2026
n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks...
Moderate
Unreviewed
CVE-2026-56360
was published
Jul 8, 2026
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
High
CVE-2026-55501
was published
for
9router
(npm)
Jul 6, 2026
Authentication Bypass by Spoofing vulnerability in Apache IoTDB.
Certain Thrift RPC query...
Critical
Unreviewed
CVE-2026-24013
was published
Jul 6, 2026
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate
Unreviewed
CVE-2026-45489
was published
Jul 3, 2026
9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
High
CVE-2026-49353
was published
for
9router
(npm)
Jul 2, 2026
OpenClaw: Matrix allowFrom could bind to mutable display names
High
CVE-2026-53811
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Slack allowFrom could bind to mutable display names
High
GHSA-c29c-2q9c-pc86
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Control UI locality spoofing could mint a durable admin device token
High
CVE-2026-53817
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers
High
GHSA-rggc-m335-3wvj
was published
for
openclaw
(npm)
Jul 2, 2026
GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward
Moderate
CVE-2026-45045
was published
for
github.com/gofiber/fiber/v2
(Go)
Jul 2, 2026
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote...
Moderate
Unreviewed
CVE-2026-14381
was published
Jul 2, 2026
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated...
High
Unreviewed
CVE-2026-58593
was published
Jul 1, 2026
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication....
Critical
Unreviewed
CVE-2026-24270
was published
Jul 1, 2026
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-14118
was published
Jul 1, 2026
Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-13985
was published
Jul 1, 2026
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-13984
was published
Jul 1, 2026
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path...
High
Unreviewed
CVE-2026-13207
was published
Jun 30, 2026
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author....
Critical
Unreviewed
CVE-2026-58370
was published
Jun 30, 2026
chi Has an IP Spoofing Vulnerability in `middleware.RealIP`
Moderate
GHSA-3fxj-6jh8-hvhx
was published
for
github.com/go-chi/chi/v5/middleware
(Go)
Jun 25, 2026
chi's RealIP Middleware allows IP spoofing via unvalidated X-Forwarded-For header
High
GHSA-rjr7-jggh-pgcp
was published
for
github.com/go-chi/chi/middleware
(Go)
Jun 25, 2026
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS,...
Moderate
Unreviewed
CVE-2026-52690
was published
Jun 25, 2026
Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers
High
CVE-2026-25119
was published
for
gogs.io/gogs
(Go)
Jun 22, 2026
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
Critical
CVE-2026-54782
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
Authentication Bypass by Spoofing vulnerability in opa plugin.
An attacker could relay spoofed...
Low
Unreviewed
CVE-2026-49231
was published
Jun 19, 2026
ProTip!
Advisories are also available from the
GraphQL API