GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
133 advisories
Filter by severity
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated...
High
Unreviewed
CVE-2026-58593
was published
Jul 1, 2026
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path...
High
Unreviewed
CVE-2026-13207
was published
Jun 30, 2026
Authentication Bypass by Spoofing vulnerability in Apache APISIX.
The attacker can completely...
High
Unreviewed
CVE-2026-39999
was published
Jun 19, 2026
Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header...
High
Unreviewed
CVE-2026-55202
was published
Jun 17, 2026
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
High
Unreviewed
CVE-2026-27089
was published
Jun 15, 2026
OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming...
High
Unreviewed
CVE-2026-53833
was published
Jun 13, 2026
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local...
High
Unreviewed
CVE-2026-53832
was published
Jun 13, 2026
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature...
High
Unreviewed
CVE-2026-53823
was published
Jun 13, 2026
A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could...
High
Unreviewed
CVE-2026-6090
was published
Jun 10, 2026
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL...
High
Unreviewed
CVE-2026-42674
was published
Jun 1, 2026
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an...
High
Unreviewed
CVE-2026-8676
was published
May 26, 2026
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local...
High
Unreviewed
CVE-2018-25361
was published
May 26, 2026
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151.
High
Unreviewed
CVE-2026-8963
was published
May 19, 2026
Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.
High
Unreviewed
CVE-2026-8960
was published
May 19, 2026
A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9...
High
Unreviewed
CVE-2026-28954
was published
May 11, 2026
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
High
Unreviewed
CVE-2026-45223
was published
May 11, 2026
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to...
High
Unreviewed
CVE-2025-50328
was published
Apr 29, 2026
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any...
High
Unreviewed
CVE-2026-22734
was published
Apr 17, 2026
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce...
High
Unreviewed
CVE-2026-24372
was published
Mar 25, 2026
WebCTRL systems that communicate over BACnet inherit the protocol's lack
of network layer...
High
Unreviewed
CVE-2026-32666
was published
Mar 21, 2026
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the...
High
Unreviewed
CVE-2025-67298
was published
Mar 11, 2026
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider ...
High
Unreviewed
CVE-2024-1524
was published
Feb 24, 2026
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order...
High
Unreviewed
CVE-2025-69401
was published
Feb 20, 2026
A vulnerability was reported in ThinkPlus configuration software that could allow a local...
High
Unreviewed
CVE-2025-13455
was published
Jan 15, 2026
Authentication Bypass by Spoofing vulnerability in Apache NimBLE.
Receiving specially crafted...
High
Unreviewed
CVE-2025-62235
was published
Jan 10, 2026
ProTip!
Advisories are also available from the
GraphQL API