GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,700 advisories

Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions Critical
CVE-2026-27446 was published for org.apache.activemq:artemis-server (Maven) Mar 4, 2026
OpenClaw Loopback CDP probe can leak Gateway token to local listener Moderate
CVE-2026-22174 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint Moderate
GHSA-pfv7-rr5m-qmv6 was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback) Moderate
CVE-2026-32896 was published for openclaw (npm) Mar 3, 2026
Credited to zpbrent
OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php Critical
CVE-2026-27012 was published for devcode-it/openstamanager (Composer) Mar 3, 2026
Credited to RunProgram
OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure High
CVE-2026-32041 was published for openclaw (npm) Mar 2, 2026
Indico has a missing access check in the event series management API Moderate
CVE-2026-28352 was published for indico (pip) Mar 1, 2026
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints High
CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) Feb 27, 2026
Credited to Amalie-Wowern
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform... Critical Unreviewed
CVE-2026-27028 was published Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform... Critical Unreviewed
CVE-2026-27772 was published Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform... Critical Unreviewed
CVE-2026-25851 was published Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform... Critical Unreviewed
CVE-2026-27767 was published Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform... Critical Unreviewed
CVE-2026-20781 was published Feb 27, 2026
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform... Critical Unreviewed
CVE-2026-24731 was published Feb 27, 2026
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint Moderate
CVE-2026-24004 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
Credited to prateek-0490
Parse Dashboard has incomplete authentication on AI Agent endpoint Critical
CVE-2026-27595 was published for parse-dashboard (npm) Feb 25, 2026
Credited to ByamB4 and mtrezza