Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

165 advisories

Loading
@grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers Moderate
GHSA-3mjm-x6gw-2x42 was published for @grackle-ai/server (npm) Mar 25, 2026
This issue was addressed through improved state management. This issue is fixed in Safari 26.4,... Moderate Unreviewed
CVE-2026-20665 was published Mar 25, 2026
A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution Moderate
CVE-2026-33622 was published for github.com/pinchtab/pinchtab (Go) Mar 24, 2026
Yesuhei Credited to Yesuhei
Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) Moderate
CVE-2026-32947 was published for step-security/harden-runner (GitHub Actions) Mar 17, 2026
devanshbatham Credited to devanshbatham
Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) Moderate
CVE-2026-32946 was published for step-security/harden-runner (GitHub Actions) Mar 17, 2026
devanshbatham Credited to devanshbatham
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed... Moderate Unreviewed
CVE-2025-52643 was published Mar 16, 2026
kora-lib: Unrecognized Instruction Types Create Empty Stubs That Bypass Fee Payer Policy Moderate
GHSA-x442-m7cc-hr92 was published for kora-lib (Rust) Mar 12, 2026
solanabughunter-glitch Credited to solanabughunter-glitch
Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object placement Moderate
CVE-2026-30938 was published for parse-server (npm) Mar 10, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions Moderate
CVE-2026-27646 was published for openclaw (npm) Mar 9, 2026
tdjackey Credited to tdjackey
OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container Moderate
GHSA-43x4-g22p-3hrq was published for openclaw (npm) Mar 3, 2026
TerminalsandCoffee Credited to TerminalsandCoffee
OpenClaw has a sandbox network isolation bypass via docker.network=container:<id> Moderate
CVE-2026-32038 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
The CGM CLININET application respond without essential security HTTP headers, exposing users to... Moderate Unreviewed
CVE-2025-58406 was published Mar 2, 2026
n8n has a Guardrail Node Bypass Moderate
GHSA-fvfv-ppw4-7h2w was published for n8n (npm) Feb 26, 2026
akirilov Credited to akirilov
When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP... Moderate Unreviewed
CVE-2026-0620 was published Feb 3, 2026
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for... Moderate Unreviewed
CVE-2026-1232 was published Feb 2, 2026
TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF) Moderate
GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) Jan 28, 2026
nnfrog Credited to nnfrog
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to... Moderate Unreviewed
CVE-2026-20824 was published Jan 13, 2026
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip... Moderate Unreviewed
CVE-2025-15422 was published Jan 2, 2026
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal ... Moderate Unreviewed
CVE-2025-59849 was published Dec 17, 2025
The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism... Moderate Unreviewed
CVE-2025-34412 was published Dec 15, 2025
In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the... Moderate Unreviewed
CVE-2025-36938 was published Dec 11, 2025
HTTP/HTTPS Traffic Interception Bypass in mad-proxy Moderate
CVE-2025-67485 was published for mad-proxy (pip) Dec 9, 2025
machphy Credited to machphy
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass... Moderate Unreviewed
CVE-2025-29864 was published Dec 3, 2025
The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass... Moderate Unreviewed
CVE-2025-11260 was published Nov 13, 2025
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an... Moderate Unreviewed
CVE-2025-62453 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database