GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,493 advisories
OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
High | GHSA-4w7m-58cg-cmff was published for openclaw (npm) | Mar 13, 2026

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user...
High | Unreviewed | CVE-2026-30902 was published | Mar 11, 2026

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks
High | CVE-2026-31834 was published for Umbraco.Cms (NuGet) | Mar 11, 2026

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper...
High | Unreviewed | CVE-2026-1993 was published | Mar 11, 2026

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of...
High | Unreviewed | CVE-2025-15576 was published | Mar 9, 2026

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow...
High | Unreviewed | CVE-2025-15547 was published | Mar 9, 2026

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-8899 was published | Mar 7, 2026

An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0...
High | Unreviewed | CVE-2026-26416 was published | Mar 5, 2026

Vulnerability of improper verification in the email application. Impact: Successful exploitation...
High | Unreviewed | CVE-2026-28548 was published | Mar 5, 2026

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC)...
High | Unreviewed | CVE-2026-29123 was published | Mar 5, 2026

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore...
High | Unreviewed | CVE-2026-29124 was published | Mar 5, 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility...
High | Unreviewed | CVE-2026-29122 was published | Mar 5, 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility...
High | Unreviewed | CVE-2026-29121 was published | Mar 5, 2026

Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
High | CVE-2026-27803 was published for vaultwarden (Rust) | Mar 4, 2026

Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
High | CVE-2026-27802 was published for vaultwarden (Rust) | Mar 4, 2026

OpenClaw: Sandboxed sessions_spawn(runtime="acp") bypassed sandbox inheritance and allowed host ACP initialization
High | GHSA-474h-prjg-mmw3 was published for openclaw (npm) | Mar 3, 2026

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman...
High | Unreviewed | CVE-2025-63909 was published | Mar 3, 2026

Rancher's Azure AD permission changes are not reflected on active sessions
High | CVE-2023-22648 was published for github.com/rancher/rancher (Go) | Mar 3, 2026

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
High | Unreviewed | CVE-2026-1566 was published | Mar 3, 2026

OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools
High | GHSA-jr6x-2q95-fh2g was published for openclaw (npm) | Mar 2, 2026

In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic...
High | Unreviewed | CVE-2026-0032 was published | Mar 2, 2026

In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to...
High | Unreviewed | CVE-2026-0023 was published | Mar 2, 2026

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to...
High | Unreviewed | CVE-2025-48645 was published | Mar 2, 2026

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the...
High | Unreviewed | CVE-2025-48613 was published | Mar 2, 2026

theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution
High | CVE-2026-21882 was published for theshit (Rust) | Mar 2, 2026
ProTip! Advisories are also available from the GraphQL API.