GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,699 advisories
nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover
Critical | CVE-2026-33032 was published for github.com/0xJacky/Nginx-UI (Go) | Mar 30, 2026

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated...
High | Unreviewed | CVE-2018-25224 was published | Mar 28, 2026

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated...
High | Unreviewed | CVE-2018-25225 was published | Mar 28, 2026

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without...
Moderate | Unreviewed | CVE-2026-34411 was published | Mar 27, 2026

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may...
Moderate | Unreviewed | CVE-2026-33366 was published | Mar 27, 2026

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows...
Moderate | Unreviewed | CVE-2026-3527 was published | Mar 26, 2026

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the ...
High | Unreviewed | CVE-2026-24068 was published | Mar 26, 2026

AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment
High | CVE-2026-33719 was published for wwbn/avideo (Composer) | Mar 25, 2026

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9...
Moderate | Unreviewed | CVE-2026-1724 was published | Mar 25, 2026

@grackle-ai/powerline Runs Without Authentication by Default
Moderate | GHSA-xq7h-vwjp-5vrh was published for @grackle-ai/powerline (npm) | Mar 25, 2026

SHARP routers do not perform authentication for some web APIs. The device information may be...
Moderate | Unreviewed | CVE-2026-32326 was published | Mar 25, 2026

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show...
Critical | Unreviewed | CVE-2026-2417 was published | Mar 24, 2026

Craft CMS: Unauthenticated Users Can Perform Restricted Project Config Sync Operations
Moderate | CVE-2026-33159 was published for craftcms/cms (Composer) | Mar 24, 2026

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated...
Moderate | Unreviewed | CVE-2019-25632 was published | Mar 24, 2026

Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows...
Moderate | Unreviewed | CVE-2026-4649 was published | Mar 24, 2026

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability,...
High | Unreviewed | CVE-2026-4640 was published | Mar 24, 2026

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600...
High | Unreviewed | CVE-2025-15517 was published | Mar 23, 2026

An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt...
High | Unreviewed | CVE-2026-31846 was published | Mar 23, 2026

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege...
Critical | Unreviewed | CVE-2019-25568 was published | Mar 21, 2026

Duplicate Advisory: OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)
Moderate | GHSA-vh4c-j2xv-9pv9 was published for openclaw (npm) | Mar 21, 2026 | withdrawn

Duplicate Advisory: OpenClaw's sandbox browser noVNC observer lacked VNC authentication
High | GHSA-cxcw-jm67-3wwp was published for openclaw (npm) | Mar 21, 2026 | withdrawn

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-29796 was published | Mar 21, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-25192 was published | Mar 21, 2026

A missing authentication for critical function vulnerability has been reported to affect QVR Pro....
Critical | Unreviewed | CVE-2026-22898 was published | Mar 20, 2026

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST...
Critical | Unreviewed | CVE-2026-21992 was published | Mar 20, 2026