Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

466 advisories

Loading
Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo High
CVE-2026-27700 was published for hono (npm) Feb 25, 2026
EdamAme-x Credited to EdamAme-x
n8n has Webhook Forgery on Zendesk Trigger Node Moderate
GHSA-38c7-23hj-2wgq was published for n8n (npm) Feb 26, 2026
nkoorty Credited to nkoorty and jjjutla jjjutla jjjutla
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects... Critical Unreviewed
CVE-2026-2800 was published Feb 24, 2026
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to... Moderate Unreviewed
CVE-2025-3909 was published May 14, 2025
n8n: Webhook Forgery on Github Webhook Trigger Moderate
GHSA-mqpr-49jj-32rc was published for n8n (npm) Feb 26, 2026
simonkoeck Credited to simonkoeck
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order... High Unreviewed
CVE-2025-69401 was published Feb 20, 2026
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to... Critical Unreviewed
CVE-2025-71056 was published Feb 23, 2026
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider ... High Unreviewed
CVE-2024-1524 was published Feb 24, 2026
Microsoft Edge (Chromium-based) Spoofing Vulnerability Low Unreviewed
CVE-2025-65046 was published Dec 19, 2025
Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This... High Unreviewed
CVE-2024-8273 was published Dec 11, 2025
OpenClaw Telegram allowlist authorization accepted mutable usernames Moderate
GHSA-mj5r-hh7j-4gxf was published for clawdbot (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch Low
GHSA-chm2-m3w2-wcxm was published for clawdbot (npm) Feb 17, 2026
vincentkoc Credited to vincentkoc
Nextcloud Talk allowlist bypass via actor.name display name spoofing Critical
GHSA-r5h9-vjqc-hq3r was published for @openclaw/nextcloud-talk (npm) Feb 17, 2026
MegaManSec Credited to MegaManSec
OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching Moderate
GHSA-rmxw-jxxx-4cpc was published for openclaw (npm) Feb 17, 2026
MegaManSec Credited to MegaManSec
Malicious scripts that interrupt new tab page loading could cause desynchronization between the... Moderate Unreviewed
CVE-2026-2032 was published Feb 16, 2026
Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows... Moderate Unreviewed
CVE-2026-0834 was published Jan 21, 2026
FUXA Unauthenticated Remote Code Execution in Node-RED Integration Critical
CVE-2026-25938 was published for fuxa-server (npm) Feb 10, 2026
wodzen Credited to wodzen
RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers High
CVE-2026-21862 was published for rustfs (Rust) Feb 3, 2026
max-r-b Credited to max-r-b and enitmar enitmar enitmar
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers... Moderate Unreviewed
CVE-2020-37056 was published Jan 31, 2026
Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin... Critical Unreviewed
CVE-2025-58595 was published Nov 6, 2025
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and... Critical Unreviewed
CVE-2026-22797 was published Jan 19, 2026
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects... Moderate Unreviewed
CVE-2026-0890 was published Jan 13, 2026
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146. High Unreviewed
CVE-2025-14327 was published Dec 9, 2025
A vulnerability was reported in ThinkPlus configuration software that could allow a local... High Unreviewed
CVE-2025-13455 was published Jan 15, 2026
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default,... High Unreviewed
CVE-2025-36753 was published Dec 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database