GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 43
Go: 3,181
Maven: 5,000+
npm: 5,000+
NuGet: 863
pip: 4,474
Pub: 12
RubyGems: 991
Rust: 1,185
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
120,828 advisories
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted...
High
Unreviewed
CVE-2026-0708 was published on Mar 17, 2026
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic...
High
Unreviewed
CVE-2026-4258 was published on Mar 17, 2026
The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable...
High
Unreviewed
CVE-2026-2579 was published on Mar 17, 2026
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI)...
High
Unreviewed
CVE-2026-29522 was published on Mar 16, 2026
Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
High
CVE-2026-32813 was published for admidio/admidio (Composer) on Mar 16, 2026
File Upload(RCE) Vulnerability in admidio
High
CVE-2026-32756 was published for admidio/admidio (Composer) on Mar 16, 2026
Loop with Unreachable Exit Condition ('Infinite Loop') in ewe
High
GHSA-4w98-xf39-23gp was published for ewe (Erlang) on Mar 16, 2026
lz4_flex's decompression can leak information from uninitialized memory or reused output buffer
High
GHSA-vvp9-7p8x-rfvv was published for lz4_flex (Rust) on Mar 16, 2026
Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace
High
CVE-2026-32769 was published for github.com/ctfer-io/fullchain (Go) on Mar 16, 2026
Romeo is vulnerable to Archive Slip due to missing checks in sanitization
High
CVE-2026-32805 was published for github.com/ctfer-io/romeo/webserver (Go) on Mar 16, 2026
Monitoring is vulnerable to Archive Slip due to missing checks in sanitization
High
CVE-2026-32771 was published for github.com/ctfer-io/monitoring (Go) on Mar 16, 2026
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
High
CVE-2026-32737 was published for github.com/ctfer-io/romeo/environment/deploy (Go) on Mar 16, 2026
Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
High
CVE-2026-32768 was published for github.com/ctfer-io/chall-manager/deploy (Go) on Mar 16, 2026
OpenClaw accepts unsanitized iMessage attachment paths which allowed SCP remote-path command injection
High
GHSA-g2f6-pwvx-r275 was published for openclaw (npm) on Mar 16, 2026
OpenClaw Telegram webhook request bodies were read before secret validation, enabling unauthenticated resource exhaustion
High
GHSA-jq3f-vjww-8rq7 was published for openclaw (npm) on Mar 16, 2026
OpenClaw bootstrap setup codes could be replayed to escalate pending pairing scopes before approval
High
GHSA-63f5-hhc7-cx6p was published for openclaw (npm) on Mar 16, 2026
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write
High
CVE-2026-32749 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 16, 2026
Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
High
CVE-2026-32728 was published for parse-server (npm) on Mar 16, 2026
Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability
High
CVE-2026-32268 was published for craftcms/azure-blob (Composer) on Mar 16, 2026
A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the...
High
Unreviewed
CVE-2026-4254 was published on Mar 16, 2026
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function...
High
Unreviewed
CVE-2026-4252 was published on Mar 16, 2026
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of...
High
Unreviewed
CVE-2026-23862 was published on Mar 16, 2026
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain...
High
Unreviewed
CVE-2025-69768 was published on Mar 16, 2026
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2...
High
Unreviewed
CVE-2025-69784 was published on Mar 16, 2026
Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
High
CVE-2026-32264 was published for craftcms/cms (Composer) on Mar 16, 2026
ProTip! Advisories are also available from the GraphQL API.