Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
48
GitHub Actions
48
Go
3,392
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,614
Pub
13
RubyGems
1,026
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

446 advisories

Loading
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA... High Unreviewed
CVE-2026-29139 was published Apr 2, 2026
goshs has Auth Bypass via Share Token High
CVE-2026-34581 was published for github.com/patrickhener/goshs (Go) Apr 1, 2026
marduc812 Credited to marduc812
Sulu checks fix permissions for subentities endpoints Moderate
CVE-2026-34372 was published for sulu/sulu (Composer) Mar 30, 2026
sh4dowalker Credited to sh4dowalker
OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback Moderate
GHSA-rf6h-5gpw-qrgq was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing Moderate
GHSA-77w2-crqv-cmv3 was published for openclaw (npm) Mar 29, 2026
zpbrent Credited to zpbrent
mpp has multiple payment bypass and griefing vulnerabilities Critical
GHSA-fxc9-7j2w-vx54 was published for mpp (Rust) Mar 29, 2026
samczsun Credited to samczsun and veria-labs veria-labs veria-labs
mppx has multiple payment bypass and griefing vulnerabilities Critical
GHSA-8x4m-qw58-3pcx was published for mppx (npm) Mar 29, 2026
samczsun Credited to samczsun and veria-labs veria-labs veria-labs
OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Moderate
GHSA-mw7w-g3mg-xqm7 was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers Moderate
GHSA-9wqx-g2cw-vc7r was published for openclaw (npm) Mar 27, 2026
zpbrent Credited to zpbrent
Moby has AuthZ plugin bypass when provided oversized request bodies High
CVE-2026-34040 was published for github.com/docker/docker (Go) Mar 27, 2026
vvoland Credited to vvoland and manizada manizada manizada
Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker... High Unreviewed
CVE-2026-32678 was published Mar 27, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect /... Moderate Unreviewed
CVE-2026-3531 was published Mar 26, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18... Moderate Unreviewed
CVE-2026-2745 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro... High Unreviewed
CVE-2026-25406 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core... Critical Unreviewed
CVE-2026-27049 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate... High Unreviewed
CVE-2026-25357 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress &... High Unreviewed
CVE-2026-25002 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker /... Critical Unreviewed
CVE-2026-25035 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan... High Unreviewed
CVE-2026-24359 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows... Moderate Unreviewed
CVE-2026-3214 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable... High Unreviewed
CVE-2026-1917 was published Mar 25, 2026
Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and... Critical Unreviewed
CVE-2026-4700 was published Mar 24, 2026
Vikunja has a 2FA Bypass via Caldav Basic Auth Moderate
CVE-2026-33315 was published for code.vikunja.io/api (Go) Mar 20, 2026
alp1n3-dev Credited to alp1n3-dev
Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints High
CVE-2026-22733 was published for org.springframework.boot:spring-boot-starter-actuator (Maven) Mar 20, 2026
Spring Boot has an Authentication Bypass under Actuator Health groups paths High
CVE-2026-22731 was published for org.springframework.boot:spring-boot-starter-actuator (Maven) Mar 20, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database