Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

13,513 advisories

Loading
OpenClaw's runtime /debug override path accepted prototype-reserved keys Low
CVE-2026-27524 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens Low
CVE-2026-32638 was published for studiocms (npm) Mar 16, 2026
restriction Credited to restriction and Adammatthiesen Adammatthiesen Adammatthiesen
Parse Server has a password reset token single-use bypass via concurrent requests Low
CVE-2026-32943 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals. Low Unreviewed
CVE-2026-3479 was published Mar 18, 2026
Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload Low
CVE-2026-33221 was published for github.com/nhost/nhost (Go) Mar 18, 2026
0xkakash1 Credited to 0xkakash1
mo has a XSS via inline SVG script tags in Markdown rendering Low
GHSA-vccx-p757-pv6h was published for github.com/k1LoW/mo (Go) Mar 18, 2026
yagihash Credited to yagihash
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs... Low Unreviewed
CVE-2026-1485 was published Jan 27, 2026
Improper detection of disallowed URIs by Loofah `allowed_uri?` Low
GHSA-46fp-8f5p-pf2m was published for loofah (RubyGems) Mar 18, 2026
Broken Access Control in extension "Redirect Tab" (redirect_tab) Low
CVE-2026-4202 was published for ayacoo/redirect-tab (Composer) Mar 17, 2026
A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical... Low Unreviewed
CVE-2025-31703 was published Mar 18, 2026
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local... Low Unreviewed
CVE-2008-3775 was published May 2, 2022
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through... Low Unreviewed
CVE-2023-25176 was published Mar 4, 2024
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type... Low Unreviewed
CVE-2023-49602 was published Mar 4, 2024
Rack Header Parsing leads to Possible Denial of Service Vulnerability Low
CVE-2024-26146 was published for rack (RubyGems) Feb 28, 2024
SValkanov Credited to SValkanov
NPM IP package incorrectly identifies some private IP addresses as public Low
CVE-2023-42282 was published for ip (npm) Feb 8, 2024
G-Rath Credited to G-Rath, levpachmanov, dotboris, and iFreilicht levpachmanov levpachmanov
dotboris dotboris iFreilicht iFreilicht
Sensitive information disclosure due to excessive collection of system information. The following... Low Unreviewed
CVE-2023-48680 was published Feb 27, 2024
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage.... Low Unreviewed
CVE-2023-48679 was published Feb 27, 2024
ASA-2024-004: Default configuration param for Evidence may limit window of validity Low
GHSA-555p-m4v6-cqxv was published for github.com/cometbft/cometbft (Go) Feb 28, 2024
Rack has possible DoS Vulnerability with Range Header Low
CVE-2024-26141 was published for rack (RubyGems) Feb 28, 2024
ooooooo-q Credited to ooooooo-q
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following... Low Unreviewed
CVE-2023-48681 was published Feb 27, 2024
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by... Low Unreviewed
CVE-2024-0325 was published Feb 2, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch Low
CVE-2024-24758 was published for undici (npm) Feb 16, 2024
T1m0n0 Credited to T1m0n0 and mcollina mcollina mcollina
In VPU, there is a possible use-after-free read due to a race condition. This could lead to local... Low Unreviewed
CVE-2026-0121 was published Mar 10, 2026
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP... Low Unreviewed
CVE-2026-4359 was published Mar 17, 2026
astral-tokio-tar insufficiently validates PAX extensions during extraction Low
CVE-2026-32766 was published for astral-tokio-tar (Rust) Mar 17, 2026
woodruffw Credited to woodruffw and xokdvium xokdvium xokdvium
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database