GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
466 advisories
n8n has Webhook Forgery on Zendesk Trigger Node
Moderate | GHSA-38c7-23hj-2wgq was published for n8n (npm) | Feb 26, 2026

n8n: Webhook Forgery on Github Webhook Trigger
Moderate | GHSA-mqpr-49jj-32rc was published for n8n (npm) | Feb 26, 2026

Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
High | CVE-2026-27700 was published for hono (npm) | Feb 25, 2026

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects...
Critical | Unreviewed | CVE-2026-2800 was published | Feb 24, 2026

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider ...
High | Unreviewed | CVE-2024-1524 was published | Feb 24, 2026

Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to...
Critical | Unreviewed | CVE-2025-71056 was published | Feb 23, 2026

Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order...
High | Unreviewed | CVE-2025-69401 was published | Feb 20, 2026

OpenClaw Telegram allowlist authorization accepted mutable usernames
Moderate | GHSA-mj5r-hh7j-4gxf was published for clawdbot (npm) | Feb 18, 2026

OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
Low | GHSA-chm2-m3w2-wcxm was published for clawdbot (npm) | Feb 17, 2026

Nextcloud Talk allowlist bypass via actor.name display name spoofing
Critical | GHSA-r5h9-vjqc-hq3r was published for @openclaw/nextcloud-talk (npm) | Feb 17, 2026

OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching
Moderate | GHSA-rmxw-jxxx-4cpc was published for openclaw (npm) | Feb 17, 2026

Malicious scripts that interrupt new tab page loading could cause desynchronization between the...
Moderate | Unreviewed | CVE-2026-2032 was published | Feb 16, 2026

FUXA Unauthenticated Remote Code Execution in Node-RED Integration
Critical | CVE-2026-25938 was published for fuxa-server (npm) | Feb 10, 2026

RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers
High | CVE-2026-21862 was published for rustfs (Rust) | Feb 3, 2026

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers...
Moderate | Unreviewed | CVE-2020-37056 was published | Jan 31, 2026

Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows...
Moderate | Unreviewed | CVE-2026-0834 was published | Jan 21, 2026

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and...
Critical | Unreviewed | CVE-2026-22797 was published | Jan 19, 2026

A vulnerability was reported in ThinkPlus configuration software that could allow a local...
High | Unreviewed | CVE-2025-13455 was published | Jan 15, 2026

Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication...
Critical | Unreviewed | CVE-2025-11250 was published | Jan 13, 2026

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects...
Moderate | Unreviewed | CVE-2026-0890 was published | Jan 13, 2026

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted...
High | Unreviewed | CVE-2025-62235 was published | Jan 10, 2026

Shiori is vulnerable to authentication bypass via a brute force attack
Moderate | CVE-2025-60538 was published for github.com/go-shiori/shiori (Go) | Jan 9, 2026

n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
Moderate | CVE-2026-21894 was published for n8n (npm) | Jan 7, 2026

Signal K Server Vulnerable to Access Request Spoofing
Moderate | CVE-2025-69203 was published for signalk-server (npm) | Jan 2, 2026

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL...
High | Unreviewed | CVE-2025-68644 was published | Dec 21, 2025

ProTip! Advisories are also available from the GraphQL API