Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,723
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,947
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs Critical
CVE-2026-42155 was published for openmage/magento-lts (Composer) May 5, 2026
0x0OZ Credited to 0x0OZ
Spring Boot's random value property source uses a weak PRNG unsuitable for secrets Moderate
CVE-2026-40975 was published for org.springframework.boot:spring-boot-cassandra (Maven) Apr 28, 2026
DNN: Same HostGUID for all new installs Moderate
CVE-2026-40306 was published for DotNetNuke.Core (NuGet) Apr 10, 2026
meetmandeep Credited to meetmandeep, donker, and valadas donker donker
valadas valadas
Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter Moderate
GHSA-ch86-pxr9-j9h9 was published for openclaw (npm) Apr 3, 2026 withdrawn
openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection Moderate
GHSA-vfgx-5q85-58q3 was published for openssl-encrypt (pip) Mar 31, 2026
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive... High Unreviewed
CVE-2024-51346 was published Mar 25, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable... High Unreviewed
CVE-2026-25072 was published Mar 7, 2026
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA... High Unreviewed
CVE-2026-20101 was published Mar 4, 2026
Gradio has an Open Redirect in its OAuth Flow Moderate
CVE-2026-28415 was published for gradio (pip) Mar 1, 2026
logicx24 Credited to logicx24
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier... Critical Unreviewed
CVE-2026-27755 was published Feb 27, 2026
Fleet: Device lock PIN can be predicted if lock time is known Moderate
CVE-2026-23999 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate... Critical Unreviewed
CVE-2026-27515 was published Feb 24, 2026
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing High
GHSA-hv93-r4j3-q65f was published for openclaw (npm) Feb 17, 2026
alpernae Credited to alpernae
When connecting to the Solax Cloud MQTT server the username is the "registration number", which... Moderate Unreviewed
CVE-2025-15574 was published Feb 12, 2026
Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness Low
GHSA-rjr4-v43m-pxq6 was published for triton-vm (Rust) Jan 21, 2026
knqyf263 Credited to knqyf263
Jervis Has Weak Random for Timing Attack Mitigation High
CVE-2025-68704 was published for net.gleske:jervis (Maven) Jan 13, 2026
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for... Moderate Unreviewed
CVE-2025-11723 was published Jan 6, 2026
The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all... Moderate Unreviewed
CVE-2025-11707 was published Dec 13, 2025
Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478... Critical Unreviewed
CVE-2025-13955 was published Dec 10, 2025
gokey allows secret recovery from a seed file without the master password High
CVE-2025-13353 was published for github.com/cloudflare/gokey (Go) Dec 2, 2025
An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack... High Unreviewed
CVE-2024-56089 was published Dec 1, 2025
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A... High Unreviewed
CVE-2025-59371 was published Nov 25, 2025
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public... High Unreviewed
CVE-2025-13470 was published Nov 21, 2025
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12787 was published Nov 11, 2025
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not... Moderate Unreviewed
CVE-2025-6515 was published Oct 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database