GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,413
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,656
Pub: 13
RubyGems: 1,027
Rust: 1,209
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
10,369 advisories
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is...
Moderate | Unreviewed | CVE-2026-5666 was published Apr 6, 2026

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
Moderate | GHSA-4w7w-66w2-5vf9 was published for vite (npm) Apr 6, 2026

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket
High | CVE-2026-39363 was published for vite (npm) Apr 6, 2026

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted...
Moderate | Unreviewed | CVE-2026-5650 was published Apr 6, 2026

A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some...
Moderate | Unreviewed | CVE-2026-5601 was published Apr 6, 2026

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown...
Moderate | Unreviewed | CVE-2026-5585 was published Apr 5, 2026

A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted...
Moderate | Unreviewed | CVE-2026-5571 was published Apr 5, 2026

AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
Moderate | CVE-2026-35452 was published for wwbn/avideo (Composer) Apr 4, 2026

AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php
Moderate | CVE-2026-35449 was published for wwbn/avideo (Composer) Apr 4, 2026

Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries
High | CVE-2026-35442 was published for directus (npm) Apr 4, 2026

Directus: Sensitive fields exposed in revision history
Moderate | GHSA-mvv8-v4jj-g47j was published for directus (npm) Apr 4, 2026

Directus: GraphQL Schema SDL Disclosure Setting
Moderate | CVE-2026-35413 was published for directus (npm) Apr 4, 2026

Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Low | CVE-2026-35038 was published for signalk-server (npm) Apr 3, 2026

OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability
Moderate | GHSA-hr8g-2q7x-3f4w was published for openclaw (npm) Apr 3, 2026

OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get
Moderate | GHSA-jjw7-3vjf-fg5j was published for openclaw (npm) Apr 2, 2026

Rack::Static prefix matching can expose unintended files under the static root
High | CVE-2026-34785 was published for rack (RubyGems) Apr 2, 2026

A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability...
Moderate | Unreviewed | CVE-2026-5413 was published Apr 2, 2026

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up...
High | Unreviewed | CVE-2026-5032 was published Apr 2, 2026

Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback
Low | CVE-2026-34969 was published for github.com/nhost/nhost (Go) Apr 1, 2026

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
Low | CVE-2026-34518 was published for aiohttp (pip) Apr 1, 2026

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote...
Moderate | Unreviewed | CVE-2026-5291 was published Apr 1, 2026

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS ...
Moderate | Unreviewed | CVE-2026-2696 was published Apr 1, 2026

The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to...
Moderate | Unreviewed | CVE-2026-3774 was published Apr 1, 2026

XenForo before 2.3.7 allows information disclosure via local account page caching on shared...
Moderate | Unreviewed | CVE-2025-71280 was published Apr 1, 2026

OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
High | GHSA-jccr-rrw2-vc8h was published for openclaw (npm) Mar 31, 2026

ProTip! Advisories are also available from the GraphQL API