GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 47
Go: 3,340
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,549
Pub: 12
RubyGems: 1,012
Rust: 1,202
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
1,280 advisories

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that...
High | Unreviewed | CVE-2025-15617 was published Mar 27, 2026

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote...
High | Unreviewed | CVE-2025-13478 was published Mar 27, 2026

OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Moderate | GHSA-ppwq-6v66-5m6j was published for openclaw (npm) Mar 26, 2026

Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Moderate | CVE-2026-33182 was published for saloonphp/saloon (Composer) Mar 25, 2026

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to...
Moderate | Unreviewed | CVE-2025-36440 was published Mar 25, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain...
Moderate | Unreviewed | CVE-2025-14790 was published Mar 25, 2026

Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an...
High | Unreviewed | CVE-2025-64998 was published Mar 24, 2026

Duplicate Advisory: OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Low | GHSA-8mr2-f9wf-hcfq was published for openclaw (npm) Mar 21, 2026 • withdrawn

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate | Unreviewed | CVE-2026-28204 was published Mar 21, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate | Unreviewed | CVE-2026-31926 was published Mar 21, 2026

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate...
High | Unreviewed | CVE-2026-23658 was published Mar 19, 2026

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High | CVE-2026-32634 was published for Glances (pip) Mar 16, 2026

Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Critical | CVE-2026-32633 was published for Glances (pip) Mar 16, 2026

IncusOS has a LUKS encryption bypass due to insufficient TPM policy
High | CVE-2026-32606 was published for github.com/lxc/incus-os/incus-osd (Go) Mar 16, 2026

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a...
Moderate | Unreviewed | CVE-2026-3783 was published Mar 11, 2026

OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects
High | CVE-2026-32913 was published for openclaw (npm) Mar 9, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate | Unreviewed | CVE-2026-27027 was published Mar 6, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate | Unreviewed | CVE-2026-27777 was published Mar 6, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate | Unreviewed | CVE-2026-27770 was published Mar 6, 2026

Unnecessary transmission of sensitive cryptographic material. The following products are affected...
Moderate | Unreviewed | CVE-2026-28714 was published Mar 6, 2026

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for...
High | Unreviewed | CVE-2026-29128 was published Mar 5, 2026

OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Low | CVE-2026-32897 was published for openclaw (npm) Mar 3, 2026

Rancher doesn't properly sanitize credentials in cluster template answers
Critical | CVE-2021-36783 was published for github.com/rancher/rancher (Go) Mar 3, 2026

In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC...
Moderate | Unreviewed | CVE-2026-0689 was published Mar 2, 2026

In preloader, there is a possible read of device unique identifiers due to a logic error. This...
Moderate | Unreviewed | CVE-2026-20435 was published Mar 2, 2026

ProTip! Advisories are also available from the GraphQL API