GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,018 advisories
OpenClaw ACP client has permission auto-approval bypass via untrusted tool metadata
Moderate | GHSA-7jx5-9fjg-hp4m was published for openclaw (npm) | Feb 27, 2026

A NestJS application using @nestjs/platform-fastify can allow bypass of authentication...
High | Unreviewed | CVE-2026-2293 was published | Feb 27, 2026

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level
High | CVE-2026-27899 was published for github.com/h44z/wg-portal (Go) | Feb 26, 2026

Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Moderate | CVE-2026-25963 was published for github.com/fleetdm/fleet/v4 (Go) | Feb 26, 2026

RustFS: Missing Post Policy Validation leads to Arbitrary Object Write
High | CVE-2026-27607 was published for rustfs (Rust) | Feb 25, 2026

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to...
Moderate | Unreviewed | CVE-2026-1768 was published | Feb 24, 2026

Apache Superset Improper Authorization allows low-privileged users to bypass access controls
High | CVE-2026-23982 was published for apache-superset (pip) | Feb 24, 2026

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections
High | CVE-2026-23984 was published for apache-superset (pip) | Feb 24, 2026

Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Moderate | CVE-2026-26963 was published for github.com/cilium/cilium (Go) | Feb 19, 2026

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected...
High | Unreviewed | CVE-2026-26336 was published | Feb 19, 2026

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains...
High | Unreviewed | CVE-2025-4960 was published | Feb 19, 2026

Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints
Critical | CVE-2026-27112 was published for github.com/akuity/kargo (Go) | Feb 19, 2026

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed...
High | Unreviewed | CVE-2026-1999 was published | Feb 18, 2026

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu,...
Moderate | Unreviewed | CVE-2026-2386 was published | Feb 18, 2026

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path
High | CVE-2026-26205 was published for github.com/open-policy-agent/opa-envoy-plugin (Go) | Feb 18, 2026

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress...
Moderate | Unreviewed | CVE-2026-2126 was published | Feb 18, 2026

OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
Moderate | CVE-2026-26328 was published for clawdbot (npm) | Feb 18, 2026

OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
Low | GHSA-chm2-m3w2-wcxm was published for clawdbot (npm) | Feb 17, 2026

OpenClaw authorization bypass: operator.write can resolve exec approvals via chat.send -> /approve
High | GHSA-mqpw-46fh-299h was published for openclaw (npm) | Feb 17, 2026

OpenClaw BlueBubbles webhook auth bypass via loopback proxy trust
High | CVE-2026-26316 was published for @openclaw/bluebubbles (npm) | Feb 17, 2026

Gogs has a Protected Branch Deletion Bypass in Web Interface
High | CVE-2026-25232 was published for gogs.io/gogs (Go) | Feb 17, 2026

Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels
Moderate | CVE-2026-0997 was published for github.com/mattermost/mattermost-plugin-zoom (Go) | Feb 16, 2026

Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts
Moderate | CVE-2026-22892 was published for github.com/mattermost/mattermost-server (Go) | Feb 13, 2026

Public dashboards with annotations enabled did not limit their annotation timerange to the locked...
Moderate | Unreviewed | CVE-2026-21722 was published | Feb 12, 2026

An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia...
Moderate | Unreviewed | CVE-2026-20624 was published | Feb 12, 2026
ProTip! Advisories are also available from the GraphQL API.