Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

4,214 advisories

Loading
auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation Critical
CVE-2026-42560 was published for github.com/go-pkgz/auth (Go) Apr 30, 2026
Nadav0077 Credited to Nadav0077
Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation Moderate
CVE-2026-41671 was published for admidio/admidio (Composer) Apr 29, 2026
offset Credited to offset
CoreDNS has TSIG authentication bypass on gRPC and QUIC transports High
CVE-2026-35579 was published for github.com/coredns/coredns (Go) Apr 28, 2026
wnoelll Credited to wnoelll
CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC High
CVE-2026-33190 was published for github.com/coredns/coredns (Go) Apr 28, 2026
manizada Credited to manizada
MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication... Critical Unreviewed
CVE-2026-35903 was published Apr 27, 2026
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment... Moderate Unreviewed
CVE-2026-41081 was published Apr 27, 2026
A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability... Moderate Unreviewed
CVE-2026-7112 was published Apr 27, 2026
A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some... Moderate Unreviewed
CVE-2026-7113 was published Apr 27, 2026
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the... Moderate Unreviewed
CVE-2026-7042 was published Apr 27, 2026
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function... Moderate Unreviewed
CVE-2026-7022 was published Apr 26, 2026
Note Mark: OIDC-registered users authenticated by submitting password "null" Critical
CVE-2026-41571 was published for github.com/enchant97/note-mark/backend (Go) Apr 25, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access Critical
CVE-2026-41070 was published for github.com/jkroepke/openvpn-auth-oauth2 (Go) Apr 22, 2026
kkalev Credited to kkalev
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability... Moderate Unreviewed
CVE-2026-6729 was published Apr 21, 2026
A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the... Moderate Unreviewed
CVE-2026-6635 was published Apr 20, 2026
A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the... Moderate Unreviewed
CVE-2026-6588 was published Apr 20, 2026
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the... Moderate Unreviewed
CVE-2026-6582 was published Apr 20, 2026
A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown... Moderate Unreviewed
CVE-2026-6579 was published Apr 20, 2026
A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is... Moderate Unreviewed
CVE-2026-6577 was published Apr 19, 2026
A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function... Moderate Unreviewed
CVE-2026-6569 was published Apr 19, 2026
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass Critical
CVE-2026-41574 was published for github.com/nhost/nhost (Go) Apr 18, 2026
skoveit Credited to skoveit
OpenClaw: Feishu webhook and card-action validation now fail closed Critical
GHSA-xh72-v6v9-mwhc was published for openclaw (npm) Apr 17, 2026
dhyabi2 Credited to dhyabi2
Sentry: Improper authentication on SAML SSO process allows user identity linking Critical
CVE-2026-27197 was published for sentry (pip) Apr 17, 2026
Muhammad-Qasim-Munir Credited to Muhammad-Qasim-Munir
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-46607 was published Apr 17, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Moderate Unreviewed
CVE-2025-46641 was published Apr 17, 2026
Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints Critical
CVE-2026-41428 was published for @budibase/backend-core (npm) Apr 16, 2026
AyushParkara Credited to AyushParkara
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database