GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,436
Maven: 5,000+
npm: 5,000+
NuGet: 883
pip: 4,694
Pub: 13
RubyGems: 1,029
Rust: 1,212
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
122,497 advisories
OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths
High | GHSA-48vw-m3qc-wr99 was published for openclaw (npm) | Mar 26, 2026
OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection
High | GHSA-h5hg-h7rr-gpf3 was published for openclaw (npm) | Apr 3, 2026
OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution.
High | GHSA-wv46-v6xc-2qhf was published for openclaw (npm) | Mar 26, 2026
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user...
High | Unreviewed | CVE-2025-59710 was published | Apr 3, 2026
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in...
High | Unreviewed | CVE-2026-4326 was published | Apr 9, 2026
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of...
High | Unreviewed | CVE-2026-5830 was published | Apr 9, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9,...
High | Unreviewed | CVE-2026-5173 was published | Apr 9, 2026
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function...
High | Unreviewed | CVE-2026-5815 was published | Apr 9, 2026
ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal...
High | Unreviewed | CVE-2026-40027 was published | Apr 9, 2026
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path...
High | Unreviewed | CVE-2026-40030 was published | Apr 9, 2026
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed...
High | Unreviewed | CVE-2026-40036 was published | Apr 9, 2026
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows...
High | Unreviewed | CVE-2026-40024 was published | Apr 9, 2026
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK...
High | Unreviewed | CVE-2026-40029 was published | Apr 9, 2026
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and...
High | Unreviewed | CVE-2026-40031 was published | Apr 9, 2026
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in...
High | Unreviewed | CVE-2026-40037 was published | Apr 9, 2026
UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability...
High | Unreviewed | CVE-2026-40032 was published | Apr 9, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9,...
High | Unreviewed | CVE-2026-1092 was published | Apr 9, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18...
High | Unreviewed | CVE-2025-12664 was published | Apr 9, 2026
Plexus-Utils has a Directory Traversal vulnerability in its extractFile method
High | CVE-2025-67030 was published for org.codehaus.plexus:plexus-utils (Maven) | Mar 25, 2026
Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers
High | GHSA-2m67-wjpj-xhg9 was published for tools.jackson.core:jackson-core (Maven) | Apr 4, 2026
RAGAS has an Arbitrary File Read vulnerability
High | CVE-2025-45691 was published for ragas (pip) | Mar 5, 2026
Pretext: Algorithmic Complexity (DoS) in the text analysis phase
High | GHSA-5478-66c3-rhxr was published for @chenglou/pretext (npm) | Apr 8, 2026
During chain building, the amount of work that is done is not correctly limited when a large...
High | Unreviewed | CVE-2026-32280 was published | Apr 8, 2026
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and...
High | Unreviewed | CVE-2025-13801 was published | Jan 7, 2026
The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in...
High | Unreviewed | CVE-2026-0844 was published | Jan 28, 2026
ProTip! Advisories are also available from the GraphQL API