GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
109 advisories
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering
Low | CVE-2026-40109 was published for github.com/fluxcd/notification-controller (Go) Apr 10, 2026

OpenClaw: Zalo replay dedupe cache could suppress events across authenticated webhook targets
Low | GHSA-fqrj-m88p-qf3v was published for openclaw (npm) Apr 7, 2026

A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this...
Low | Unreviewed | CVE-2026-4583 was published Mar 23, 2026

A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N....
Low | Unreviewed | CVE-2026-4582 was published Mar 23, 2026

A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an...
Low | Unreviewed | CVE-2026-2756 was published Mar 21, 2026

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02...
Low | Unreviewed | CVE-2026-1524 was published Mar 11, 2026

Craft CMS has a potential information disclosure vulnerability in preview tokens
Low | CVE-2026-29113 was published for craftcms/cms (Composer) Mar 10, 2026

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function...
Low | Unreviewed | CVE-2026-3194 was published Feb 25, 2026

A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by...
Low | Unreviewed | CVE-2026-1743 was published Feb 2, 2026

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for...
Low | Unreviewed | CVE-2026-0633 was published Jan 24, 2026

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key...
Low | Unreviewed | CVE-2025-15224 was published Jan 8, 2026

Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low | GHSA-wmjr-v86c-m9jj was published for better-auth (npm) Nov 26, 2025

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform...
Low | Unreviewed | CVE-2025-59280 was published Oct 14, 2025

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication...
Low | Unreviewed | CVE-2025-0672 was published Sep 23, 2025

PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023...
Low | Unreviewed | CVE-2023-21466 was published Sep 8, 2025

Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows...
Low | Unreviewed | CVE-2023-21471 was published Sep 5, 2025

HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token...
Low | Unreviewed | CVE-2025-0249 was published Jul 25, 2025

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects...
Low | Unreviewed | CVE-2025-6524 was published Jun 23, 2025

Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion...
Low | Unreviewed | CVE-2024-38822 was published Jun 13, 2025

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as...
Low | Unreviewed | CVE-2025-1880 was published Mar 3, 2025

There is an insufficient authentication vulnerability in some Huawei smart phone. An...
Low | Unreviewed | CVE-2020-9250 was published Dec 20, 2024

lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low | CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024

Symfony's `Security::login` does not take into account custom `user_checker`
Low | CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024

gitsign may use incorrect Rekor entries during verification
Low | CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024

Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Low | CVE-2024-49755 was published for Duende.IdentityServer (NuGet) Oct 28, 2024