GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
471 advisories
A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to...
Critical, Unreviewed. CVE-2026-40630 was published on Apr 24, 2026.
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all...
Critical, Unreviewed. CVE-2026-3461 was published on Apr 22, 2026.
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.
Critical, Unreviewed. CVE-2026-6768 was published on Apr 21, 2026.
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and...
Critical, Unreviewed. CVE-2026-6771 was published on Apr 21, 2026.
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.
Critical, Unreviewed. CVE-2026-6760 was published on Apr 21, 2026.
HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service
High. CVE-2026-3605 was published for github.com/hashicorp/vault (Go) on Apr 17, 2026.
Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass...
High, Unreviewed. CVE-2026-3324 was published on Apr 16, 2026.
OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
High. GHSA-pxq7-h93f-9jrg was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) on Apr 15, 2026.
Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Moderate. GHSA-9gvx-vj57-vqqx was published for openclaw (npm) on Apr 10, 2026 (withdrawn).
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction...
Moderate, Unreviewed. CVE-2026-35642 was published on Apr 10, 2026.
OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement
High. GHSA-5wj5-87vq-39xm was published for openclaw (npm) on Apr 9, 2026.
megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition...
Critical, Unreviewed. CVE-2026-31271 was published on Apr 7, 2026.
In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during...
Critical, Unreviewed. CVE-2026-30079 was published on Apr 7, 2026.
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login...
Critical, Unreviewed. CVE-2026-31151 was published on Apr 6, 2026.
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Critical. CVE-2026-33950 was published for signalk-server (npm) on Apr 3, 2026.
Better Auth Has Two-Factor Authentication Bypass via Premature Session Caching (session.cookieCache)
Critical. GHSA-xg6x-h9c9-2m83 was published for better-auth (npm) on Apr 3, 2026.
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia...
High, Unreviewed. CVE-2024-44286 was published on Apr 2, 2026.
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA...
High, Unreviewed. CVE-2026-29139 was published on Apr 2, 2026.
goshs has Auth Bypass via Share Token
High. CVE-2026-34581 was published for github.com/patrickhener/goshs (Go) on Apr 1, 2026.
Sulu checks fix permissions for subentities endpoints
Moderate. CVE-2026-34372 was published for sulu/sulu (Composer) on Mar 30, 2026.
OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State
Moderate. CVE-2026-35661 was published for openclaw (npm) on Mar 29, 2026.
OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback
Moderate. CVE-2026-35654 was published for openclaw (npm) on Mar 29, 2026.
OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing
Moderate. CVE-2026-35664 was published for openclaw (npm) on Mar 29, 2026.
mpp has multiple payment bypass and griefing vulnerabilities
Critical. GHSA-fxc9-7j2w-vx54 was published for mpp (Rust) on Mar 29, 2026.
mppx has multiple payment bypass and griefing vulnerabilities
Critical. GHSA-8x4m-qw58-3pcx was published for mppx (npm) on Mar 29, 2026.
ProTip! Advisories are also available from the GraphQL API.