GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,445 advisories
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
  High | CVE-2026-32720 was published for github.com/ctfer-io/monitoring (Go) | Mar 13, 2026
OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream
  High | CVE-2026-32102 was published for github.com/OliveTin/OliveTin (Go) | Mar 12, 2026
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace...
  High | Unreviewed | CVE-2025-68623 was published | Mar 11, 2026
Parse Server has a protected fields bypass via dot-notation in query and sort
  High | CVE-2026-31872 was published for parse-server (npm) | Mar 11, 2026
Parse Server has a protected fields bypass via logical query operators
  High | CVE-2026-30962 was published for parse-server (npm) | Mar 11, 2026
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized...
  High | Unreviewed | CVE-2026-25176 was published | Mar 10, 2026
Improper access control in Windows Projected File System allows an authorized attacker to elevate...
  High | Unreviewed | CVE-2026-24290 was published | Mar 10, 2026
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to...
  High | Unreviewed | CVE-2026-23660 was published | Mar 10, 2026
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a...
  High | Unreviewed | CVE-2026-21262 was published | Mar 10, 2026
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An...
  High | Unreviewed | CVE-2026-30140 was published | Mar 9, 2026
SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren
  High | CVE-2026-30926 was published for github.com/siyuan-note/siyuan/kernel (Go) | Mar 9, 2026
WeKnora has Broken Access Control - Cross-Tenant Data Exposure
  High | CVE-2026-30859 was published for github.com/Tencent/WeKnora (Go) | Mar 6, 2026
Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x...
  High | Unreviewed | CVE-2025-70363 was published | Mar 6, 2026
Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure
  High | CVE-2026-30244 was published for plane (pip) | Mar 5, 2026
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control...
  High | Unreviewed | CVE-2025-70614 was published | Mar 5, 2026
Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon...
  High | Unreviewed | CVE-2026-26418 was published | Mar 5, 2026
A broken access control vulnerability in the password reset functionality of Tata Consultancy...
  High | Unreviewed | CVE-2026-26417 was published | Mar 5, 2026
An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5...
  High | Unreviewed | CVE-2026-25702 was published | Mar 5, 2026
Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote...
  High | Unreviewed | CVE-2026-3543 was published | Mar 4, 2026
Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a...
  High | Unreviewed | CVE-2026-3542 was published | Mar 4, 2026
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote...
  High | Unreviewed | CVE-2026-3541 was published | Mar 4, 2026
OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs
  High | GHSA-9f72-qcpw-2hxc was published for openclaw (npm) | Mar 3, 2026
OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login
  High | CVE-2026-28790 was published for github.com/OliveTin/OliveTin (Go) | Mar 2, 2026
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only...
  High | Unreviewed | CVE-2025-48619 was published | Mar 2, 2026
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
  High | CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) | Feb 27, 2026