Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,925 advisories

Loading
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control High
CVE-2026-32720 was published for github.com/ctfer-io/monitoring (Go) Mar 13, 2026
ViRb3 Credited to ViRb3
OpenClaw: Discord guild reaction ingress could bypass users and roles allowlists Moderate
GHSA-9vvh-2768-c8vp was published for openclaw (npm) Mar 13, 2026
zpbrent Credited to zpbrent
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on... Critical Unreviewed
CVE-2026-21667 was published Mar 12, 2026
A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on... Critical Unreviewed
CVE-2026-21666 was published Mar 12, 2026
OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream High
CVE-2026-32102 was published for github.com/OliveTin/OliveTin (Go) Mar 12, 2026
kule500 Credited to kule500
Winter vulnerable to privilege escalation by authenticated backend users Critical
CVE-2026-27591 was published for winter/wn-backend-module (Composer) Mar 12, 2026
skyhex19 Credited to skyhex19
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0... Critical Unreviewed
CVE-2025-66956 was published Mar 11, 2026
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access... Low Unreviewed
CVE-2026-24509 was published Mar 11, 2026
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace... High Unreviewed
CVE-2025-68623 was published Mar 11, 2026
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API Moderate
CVE-2026-3429 was published for org.keycloak:keycloak-services (Maven) Mar 11, 2026
Parse Server has a protected fields bypass via dot-notation in query and sort High
CVE-2026-31872 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server has role escalation and CLP bypass via direct `_Join` table write Critical
CVE-2026-30966 was published for parse-server (npm) Mar 11, 2026
restriction Credited to restriction and mtrezza mtrezza mtrezza
Parse Server has a protected fields bypass via logical query operators High
CVE-2026-30962 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
django-unicorn affected by component state manipulation via unvalidated attribute access Moderate
CVE-2026-31815 was published for django-unicorn (pip) Mar 11, 2026
RinZ27 Credited to RinZ27
The register protection of the PowerVR GPU is incorrectly configured. This could lead to local... Moderate Unreviewed
CVE-2026-0108 was published Mar 10, 2026
Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash Moderate
CVE-2026-2742 was published for com.vaadin:flow-server (Maven) Mar 10, 2026
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized... High Unreviewed
CVE-2026-25176 was published Mar 10, 2026
Improper access control in Windows Projected File System allows an authorized attacker to elevate... High Unreviewed
CVE-2026-24290 was published Mar 10, 2026
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to... High Unreviewed
CVE-2026-23660 was published Mar 10, 2026
An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may... Moderate Unreviewed
CVE-2026-22628 was published Mar 10, 2026
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a... High Unreviewed
CVE-2026-21262 was published Mar 10, 2026
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An... High Unreviewed
CVE-2026-30140 was published Mar 9, 2026
OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions Moderate
GHSA-9q36-67vc-rrwg was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey
SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren High
CVE-2026-30926 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 9, 2026
Zwique Credited to Zwique
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected... Moderate Unreviewed
CVE-2026-3800 was published Mar 9, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database