GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
389 advisories
The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of...
Critical | Unreviewed | CVE-2026-4880 was published on Apr 16, 2026

CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical | CVE-2026-34989 was published for ci4-cms-erp/ci4ms (Composer) on Apr 3, 2026

OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin
Critical | CVE-2026-35663 was published for openclaw (npm) on Mar 27, 2026

OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve
Critical | CVE-2026-35639 was published for openclaw (npm) on Mar 26, 2026

An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to...
Critical | Unreviewed | CVE-2025-70888 was published on Mar 25, 2026

File Browser Signup Grants Admin When Default Permissions Include Admin
Critical | CVE-2026-32760 was published for github.com/filebrowser/filebrowser/v2 (Go) on Mar 16, 2026

OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
Critical | CVE-2026-22172 was published for openclaw (npm) on Mar 13, 2026

OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE
Critical | GHSA-4jpw-hj22-2xmc was published for openclaw (npm) on Mar 13, 2026

OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
Critical | CVE-2026-32916 was published for openclaw (npm) on Mar 13, 2026

The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST...
Critical | Unreviewed | CVE-2026-2631 was published on Mar 11, 2026

RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
Critical | CVE-2026-30960 was published for rssn (Rust) on Mar 10, 2026

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc...
Critical | Unreviewed | CVE-2025-29165 was published on Mar 5, 2026

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor...
Critical | Unreviewed | CVE-2026-29127 was published on Mar 5, 2026

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User...
Critical | Unreviewed | CVE-2026-1492 was published on Mar 3, 2026

In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the...
Critical | Unreviewed | CVE-2026-0029 was published on Mar 2, 2026

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and...
Critical | Unreviewed | CVE-2025-12981 was published on Feb 27, 2026

Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148,...
Critical | Unreviewed | CVE-2026-2777 was published on Feb 24, 2026

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148 and...
Critical | Unreviewed | CVE-2026-2780 was published on Feb 24, 2026

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148 and...
Critical | Unreviewed | CVE-2026-2782 was published on Feb 24, 2026

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious...
Critical | Unreviewed | CVE-2025-40538 was published on Feb 24, 2026

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to...
Critical | Unreviewed | CVE-2026-26725 was published on Feb 20, 2026

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote...
Critical | Unreviewed | CVE-2026-26722 was published on Feb 20, 2026

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2026-1994 was published on Feb 19, 2026

The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up...
Critical | Unreviewed | CVE-2025-13563 was published on Feb 19, 2026

The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege...
Critical | Unreviewed | CVE-2025-13851 was published on Feb 19, 2026
ProTip! Advisories are also available from the GraphQL API.