Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,417
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,658
Pub
13
RubyGems
1,027
Rust
1,211
Swift
53
Unreviewed advisories
All unreviewed
5,000+

199 advisories

Loading
OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage Low
CVE-2026-31991 was published for openclaw (npm) Mar 2, 2026
tdjackey Credited to tdjackey
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch Low
GHSA-chm2-m3w2-wcxm was published for clawdbot (npm) Feb 17, 2026
vincentkoc Credited to vincentkoc
Tanium addressed an improper input validation vulnerability in Tanium Appliance. Low Unreviewed
CVE-2025-15321 was published Feb 5, 2026
Tanium addressed an improper access controls vulnerability in Interact. Low Unreviewed
CVE-2025-15288 was published Jan 29, 2026
### Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier... Low Unreviewed
CVE-2025-62487 was published Jan 10, 2026
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts Low
CVE-2025-14986 was published for go.temporal.io/server (Go) Dec 30, 2025
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function... Low Unreviewed
CVE-2025-15124 was published Dec 28, 2025
A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the... Low Unreviewed
CVE-2025-15123 was published Dec 28, 2025
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the... Low Unreviewed
CVE-2025-15126 was published Dec 28, 2025
A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function... Low Unreviewed
CVE-2025-15125 was published Dec 28, 2025
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function... Low Unreviewed
CVE-2025-15122 was published Dec 28, 2025
A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the... Low Unreviewed
CVE-2025-15120 was published Dec 28, 2025
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function... Low Unreviewed
CVE-2025-15119 was published Dec 28, 2025
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. Low
CVE-2025-68940 was published for code.gitea.io/gitea (Go) Dec 26, 2025
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's... Low Unreviewed
CVE-2025-67740 was published Dec 11, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18... Low Unreviewed
CVE-2025-7736 was published Nov 15, 2025
Mattermost allows regular users to access archived channel content and files Low
CVE-2025-41436 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-11777 was published for github.com/mattermost/mattermost (Go) Nov 13, 2025
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for... Low Unreviewed
CVE-2025-11888 was published Oct 25, 2025
Mattermost has an Incorrect Authorization vulnerability Low
CVE-2025-10545 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long... Low Unreviewed
CVE-2025-59451 was published Oct 6, 2025
A regular Zabbix user can search other users in their user group via Zabbix API by select fields... Low Unreviewed
CVE-2025-27236 was published Oct 3, 2025
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to... Low Unreviewed
CVE-2025-11239 was published Oct 2, 2025
Omni Wireguard SideroLink potential escape Low
CVE-2025-59824 was published for github.com/siderolabs/omni (Go) Sep 24, 2025
smira Credited to smira and Unix4ever Unix4ever Unix4ever
Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution Low
CVE-2025-43789 was published for com.liferay:com.liferay.comment.web (Maven) Sep 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database