GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,591 advisories
OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure
Moderate | GHSA-vpj2-69hf-rppw was published for openclaw (npm) | Mar 2, 2026
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain...
Critical | Unreviewed | CVE-2025-30035 was published | Mar 2, 2026
Indico has a missing access check in the event series management API
Moderate | CVE-2026-28352 was published for indico (pip) | Mar 1, 2026
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows...
Critical | Unreviewed | CVE-2026-2844 was published | Feb 28, 2026
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
High | CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) | Feb 27, 2026
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
Moderate | Unreviewed | CVE-2025-15567 was published | Feb 27, 2026
The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some...
High | Unreviewed | CVE-2025-15509 was published | Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-27028 was published | Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-27767 was published | Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-25851 was published | Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-27772 was published | Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-24731 was published | Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-20781 was published | Feb 27, 2026
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control...
Critical | Unreviewed | CVE-2026-22207 was published | Feb 26, 2026
Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS...
High | Unreviewed | CVE-2026-27509 was published | Feb 26, 2026
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
Moderate | CVE-2026-24004 was published for github.com/fleetdm/fleet/v4 (Go) | Feb 26, 2026
Parse Dashboard has incomplete authentication on AI Agent endpoint
Critical | CVE-2026-27595 was published for parse-dashboard (npm) | Feb 25, 2026
Due to missing authentication, a user with physical access to the device can misuse the mesh...
Moderate | Unreviewed | CVE-2026-27846 was published | Feb 25, 2026
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies...
Critical | Unreviewed | CVE-2026-2624 was published | Feb 25, 2026
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP...
High | Unreviewed | CVE-2026-26340 was published | Feb 24, 2026
ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Critical | CVE-2026-27584 was published for @actual-app/sync-server (npm) | Feb 24, 2026
Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated...
Critical | Unreviewed | CVE-2025-14577 was published | Feb 24, 2026
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function...
Moderate | Unreviewed | CVE-2026-3053 was published | Feb 24, 2026
ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST...
Critical | Unreviewed | CVE-2026-23693 was published | Feb 23, 2026
Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Moderate | CVE-2026-27482 was published for ray (pip) | Feb 20, 2026
ProTip! Advisories are also available from the GraphQL API.