GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 55
GitHub Actions: 50
Go: 3,722
Maven: 5,000+
npm: 5,000+
NuGet: 935
pip: 4,946
Pub: 13
RubyGems: 1,055
Rust: 1,338
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,916 advisories
Spring Cloud Config allows applications to serve arbitrary text and binary files through the...
Critical | Unreviewed | CVE-2026-40982 was published May 7, 2026

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing...
Critical | Unreviewed | CVE-2026-43585 was published May 6, 2026

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in...
Critical | Unreviewed | CVE-2026-43575 was published May 6, 2026

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where...
Critical | Unreviewed | CVE-2026-43578 was published May 6, 2026

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox...
Critical | Unreviewed | CVE-2026-43581 was published May 6, 2026

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and...
Critical | Unreviewed | CVE-2026-44109 was published May 6, 2026

Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to...
Critical | Unreviewed | CVE-2026-7908 was published May 6, 2026

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal)...
Critical | Unreviewed | CVE-2026-0300 was published May 6, 2026

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment...
Critical | Unreviewed | CVE-2026-7875 was published May 6, 2026

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are...
Critical | Unreviewed | CVE-2026-5081 was published May 6, 2026

Missing invocation of Servlet http web request method changeSessionId after session binding can...
Critical | Unreviewed | CVE-2026-40010 was published May 6, 2026

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp...
Critical | Unreviewed | CVE-2026-28780 was published May 6, 2026

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user...
Critical | Unreviewed | CVE-2026-38428 was published May 5, 2026

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker...
Critical | Unreviewed | CVE-2026-38431 was published May 5, 2026

OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature...
Critical | Unreviewed | CVE-2026-38429 was published May 5, 2026

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path...
Critical | Unreviewed | CVE-2026-7411 was published May 5, 2026

The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD...
Critical | Unreviewed | CVE-2026-36356 was published May 5, 2026

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0...
Critical | Unreviewed | CVE-2026-34408 was published May 5, 2026

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in...
Critical | Unreviewed | CVE-2023-54342 was published May 5, 2026

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows...
Critical | Unreviewed | CVE-2023-54344 was published May 5, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-40797 was published May 5, 2026

The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and...
Critical | Unreviewed | CVE-2026-5294 was published May 5, 2026

The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to,...
Critical | Unreviewed | CVE-2025-13618 was published May 5, 2026

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions...
Critical | Unreviewed | CVE-2026-5722 was published May 5, 2026

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection...
Critical | Unreviewed | CVE-2026-41923 was published May 4, 2026
ProTip! Advisories are also available from the GraphQL API