GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,630
Maven: 5,000+
npm: 5,000+
NuGet: 928
pip: 4,850
Pub: 13
RubyGems: 1,045
Rust: 1,301
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
509 advisories
Sentry's improper authentication on SAML SSO process allows user identity linking
Critical • CVE-2026-42354 was published for sentry (pip) • Apr 30, 2026

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to...
High • Unreviewed • CVE-2025-50328 was published • Apr 29, 2026

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows...
Critical • Unreviewed • CVE-2018-25316 was published • Apr 29, 2026

Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows...
Critical • Unreviewed • CVE-2018-25318 was published • Apr 29, 2026

Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness...
Critical • Unreviewed • CVE-2018-25317 was published • Apr 29, 2026

Traefik: Pre-authentication decision bypass due to forwarded alias spoofing
High • CVE-2026-39858 was published for github.com/traefik/traefik (Go) • Apr 24, 2026

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150,...
Moderate • Unreviewed • CVE-2026-6762 was published • Apr 21, 2026

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any...
High • Unreviewed • CVE-2026-22734 was published • Apr 17, 2026

OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
Critical • CVE-2026-40575 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) • Apr 15, 2026

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode
Critical • CVE-2026-34457 was published for github.com/oauth2-proxy/oauth2-proxy (Go) • Apr 14, 2026

Duplicate Advisory: OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals
Moderate • GHSA-hgwr-wr8h-rxm7 was published for openclaw (npm) • Apr 10, 2026 • withdrawn

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service
High • CVE-2026-39959 was published for Tmds.DBus (NuGet) • Apr 8, 2026

LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header
Moderate • CVE-2026-39411 was published for @lobehub/lobehub (npm) • Apr 8, 2026

Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
High • CVE-2026-3902 was published for Django (pip) • Apr 7, 2026

Auth0OAuthenticator has an Authentication Bypass via Unverified Email Claims
High • CVE-2026-33175 was published for oauthenticator (pip) • Apr 3, 2026

Electron: Service worker can spoof executeJavaScript IPC replies
Moderate • CVE-2026-34778 was published for electron (npm) • Apr 3, 2026

OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing
High • CVE-2026-41299 was published for openclaw (npm) • Mar 31, 2026

Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField
Moderate • CVE-2026-33433 was published for github.com/traefik/traefik/v2 (Go) • Mar 27, 2026

OpenClaw: Forwarding header spoofing bypasses gateway.trustedProxies origin detection
Moderate • CVE-2026-35656 was published for openclaw (npm) • Mar 26, 2026

OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals
Moderate • CVE-2026-35622 was published for openclaw (npm) • Mar 26, 2026

WeChat Pay callback signature verification bypassed when Host header is localhost
High • CVE-2026-33661 was published for yansongda/pay (Composer) • Mar 25, 2026

Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows...
Moderate • Unreviewed • CVE-2026-32492 was published • Mar 25, 2026

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce...
High • Unreviewed • CVE-2026-24372 was published • Mar 25, 2026

In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account...
Critical • Unreviewed • CVE-2025-59707 was published • Mar 25, 2026

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables...
Critical • Unreviewed • CVE-2025-59706 was published • Mar 25, 2026

ProTip! Advisories are also available from the GraphQL API.