GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
291 advisories
Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter
Moderate
GHSA-ch86-pxr9-j9h9
was published
for
openclaw
(npm)
Apr 3, 2026
•
withdrawn
openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection
Moderate
GHSA-vfgx-5q85-58q3
was published
for
openssl-encrypt
(pip)
Mar 31, 2026
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive...
High
Unreviewed
CVE-2024-51346
was published
Mar 25, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable...
High
Unreviewed
CVE-2026-25072
was published
Mar 7, 2026
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA...
High
Unreviewed
CVE-2026-20101
was published
Mar 4, 2026
Gradio has an Open Redirect in its OAuth Flow
Moderate
CVE-2026-28415
was published
for
gradio
(pip)
Mar 1, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier...
Critical
Unreviewed
CVE-2026-27755
was published
Feb 27, 2026
Fleet: Device lock PIN can be predicted if lock time is known
Moderate
CVE-2026-23999
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 26, 2026
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate...
Critical
Unreviewed
CVE-2026-27515
was published
Feb 24, 2026
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing
High
GHSA-hv93-r4j3-q65f
was published
for
openclaw
(npm)
Feb 17, 2026
When connecting to the Solax Cloud MQTT server the username is the "registration number", which...
Moderate
Unreviewed
CVE-2025-15574
was published
Feb 12, 2026
Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness
Low
GHSA-rjr4-v43m-pxq6
was published
for
triton-vm
(Rust)
Jan 21, 2026
Jervis Has Weak Random for Timing Attack Mitigation
High
CVE-2025-68704
was published
for
net.gleske:jervis
(Maven)
Jan 13, 2026
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for...
Moderate
Unreviewed
CVE-2025-11723
was published
Jan 6, 2026
The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all...
Moderate
Unreviewed
CVE-2025-11707
was published
Dec 13, 2025
Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478...
Critical
Unreviewed
CVE-2025-13955
was published
Dec 10, 2025
gokey allows secret recovery from a seed file without the master password
High
CVE-2025-13353
was published
for
github.com/cloudflare/gokey
(Go)
Dec 2, 2025
An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack...
High
Unreviewed
CVE-2024-56089
was published
Dec 1, 2025
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A...
High
Unreviewed
CVE-2025-59371
was published
Nov 25, 2025
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public...
High
Unreviewed
CVE-2025-13470
was published
Nov 21, 2025
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2025-12787
was published
Nov 11, 2025
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not...
Moderate
Unreviewed
CVE-2025-6515
was published
Oct 20, 2025
The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable...
Moderate
Unreviewed
CVE-2025-10745
was published
Sep 26, 2025
form-data uses unsafe random function in form-data for choosing boundary
Critical
CVE-2025-7783
was published
for
form-data
(npm)
Jul 21, 2025
A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0....
Moderate
Unreviewed
CVE-2025-6931
was published
Jul 1, 2025