GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,986 advisories
OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
Critical | GHSA-rqpp-rjj8-7wv8 was published for openclaw (npm) | Mar 13, 2026

OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
High | GHSA-4w7m-58cg-cmff was published for openclaw (npm) | Mar 13, 2026

OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE
Critical | GHSA-4jpw-hj22-2xmc was published for openclaw (npm) | Mar 13, 2026

OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
Critical | GHSA-xw77-45gv-p728 was published for openclaw (npm) | Mar 13, 2026

StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
Moderate | CVE-2026-32106 was published for studiocms (npm) | Mar 12, 2026

During an internal security assessment, a potential vulnerability was discovered in Lenovo PC...
Moderate | Unreviewed | CVE-2026-2640 was published | Mar 11, 2026

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege...
Moderate | Unreviewed | CVE-2026-24510 was published | Mar 11, 2026

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user...
High | Unreviewed | CVE-2026-30902 was published | Mar 11, 2026

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks
High | CVE-2026-31834 was published for Umbraco.Cms (NuGet) | Mar 11, 2026

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper...
High | Unreviewed | CVE-2026-1993 was published | Mar 11, 2026

The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST...
Critical | Unreviewed | CVE-2026-2631 was published | Mar 11, 2026

RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
Critical | CVE-2026-30960 was published for rssn (Rust) | Mar 10, 2026

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of...
High | Unreviewed | CVE-2025-15576 was published | Mar 9, 2026

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow...
High | Unreviewed | CVE-2025-15547 was published | Mar 9, 2026

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-8899 was published | Mar 7, 2026

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc...
Critical | Unreviewed | CVE-2025-29165 was published | Mar 5, 2026

An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0...
High | Unreviewed | CVE-2026-26416 was published | Mar 5, 2026

Vulnerability of improper verification in the email application. Impact: Successful exploitation...
High | Unreviewed | CVE-2026-28548 was published | Mar 5, 2026

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor...
Critical | Unreviewed | CVE-2026-29127 was published | Mar 5, 2026

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC)...
High | Unreviewed | CVE-2026-29123 was published | Mar 5, 2026

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore...
High | Unreviewed | CVE-2026-29124 was published | Mar 5, 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility...
High | Unreviewed | CVE-2026-29122 was published | Mar 5, 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility...
High | Unreviewed | CVE-2026-29121 was published | Mar 5, 2026

Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
High | CVE-2026-27803 was published for vaultwarden (Rust) | Mar 4, 2026

Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
High | CVE-2026-27802 was published for vaultwarden (Rust) | Mar 4, 2026

ProTip! Advisories are also available from the GraphQL API.