GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,864 advisories

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
High | CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) | Feb 27, 2026

Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
Moderate | CVE-2026-0871 was published for org.keycloak:keycloak-server-spi-private (Maven) | Feb 27, 2026

Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations
Moderate | CVE-2026-22728 was published for github.com/bitnami-labs/sealed-secrets (Go) | Feb 26, 2026

n8n has an SSO Enforcement Bypass in its Self-Service Settings API
Moderate | GHSA-vjf3-2gpj-233v was published for n8n (npm) | Feb 26, 2026

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile...
Moderate | Unreviewed | CVE-2026-2356 was published | Feb 26, 2026

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this...
Moderate | Unreviewed | CVE-2026-3187 was published | Feb 25, 2026

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote...
High | Unreviewed | CVE-2025-63409 was published | Feb 24, 2026

ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access
Moderate | CVE-2026-25966 was published for Magick.NET-Q16-AnyCPU (NuGet) | Feb 24, 2026

Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148 and...
Critical | Unreviewed | CVE-2026-2768 was published | Feb 24, 2026

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by...
Moderate | Unreviewed | CVE-2026-3025 was published | Feb 23, 2026

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function...
Moderate | Unreviewed | CVE-2026-2979 was published | Feb 23, 2026

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function...
Moderate | Unreviewed | CVE-2026-2977 was published | Feb 23, 2026

A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function...
Moderate | Unreviewed | CVE-2026-2978 was published | Feb 23, 2026

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests...
Critical | Unreviewed | CVE-2026-21627 was published | Feb 20, 2026

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose...
High | Unreviewed | CVE-2026-21535 was published | Feb 20, 2026

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization...
Moderate | Unreviewed | CVE-2025-12884 was published | Feb 19, 2026

A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802...
Moderate | Unreviewed | CVE-2026-2684 was published | Feb 19, 2026

A vulnerability was detected in huanzi-qch base-admin up to...
Moderate | Unreviewed | CVE-2026-2665 was published | Feb 18, 2026

mingSoft MCMS does not properly restrict file uploads
Low | CVE-2026-2666 was published for net.mingsoft:ms-mcms (Maven) | Feb 18, 2026

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low...
High | Unreviewed | CVE-2025-70064 was published | Feb 18, 2026

OpenClaw Telegram allowlist authorization accepted mutable usernames
Moderate | GHSA-mj5r-hh7j-4gxf was published for clawdbot (npm) | Feb 18, 2026

OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
High | GHSA-rq6g-px6m-c248 was published for clawdbot (npm) | Feb 18, 2026

OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
Moderate | CVE-2026-26328 was published for clawdbot (npm) | Feb 18, 2026

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated...
Moderate | Unreviewed | CVE-2023-38005 was published | Feb 18, 2026

OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
High | CVE-2026-26325 was published for openclaw (npm) | Feb 17, 2026

ProTip! Advisories are also available from the GraphQL API.