GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
13,677 advisories
AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php
Low · CVE-2026-35448 was published for wwbn/avideo (Composer) · Apr 4, 2026

Parse Server: File upload Content-Type override via extension mismatch
Low · CVE-2026-35200 was published for parse-server (npm) · Apr 4, 2026

Electron: Use-after-free in offscreen shared texture release() callback
Low · CVE-2026-34764 was published for electron (npm) · Apr 3, 2026

A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility,...
Low · Unreviewed · CVE-2026-3184 was published · Apr 3, 2026

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function...
Low · Unreviewed · CVE-2026-5476 was published · Apr 3, 2026

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function...
Low · Unreviewed · CVE-2026-5473 was published · Apr 3, 2026

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted...
Low · Unreviewed · CVE-2026-5471 was published · Apr 3, 2026

A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This...
Low · Unreviewed · CVE-2026-5458 was published · Apr 3, 2026

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on...
Low · Unreviewed · CVE-2026-5457 was published · Apr 3, 2026

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an...
Low · Unreviewed · CVE-2026-5455 was published · Apr 3, 2026

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The...
Low · Unreviewed · CVE-2026-5456 was published · Apr 3, 2026

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an...
Low · Unreviewed · CVE-2026-5462 was published · Apr 3, 2026

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on...
Low · Unreviewed · CVE-2026-5453 was published · Apr 3, 2026

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown...
Low · Unreviewed · CVE-2026-5454 was published · Apr 3, 2026

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability...
Low · Unreviewed · CVE-2026-5452 was published · Apr 3, 2026

Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler
Low · CVE-2026-35537 was published for roundcube/roundcubemail (Composer) · Apr 3, 2026

Roundcube Webmail: Unsanitized IMAP SEARCH command arguments
Low · CVE-2026-35538 was published for roundcube/roundcubemail (Composer) · Apr 3, 2026

Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Low · CVE-2026-35038 was published for signalk-server (npm) · Apr 3, 2026

OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps
Low · GHSA-x2m8-53h4-6hch was published for openclaw (npm) · Apr 3, 2026

OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config
Low · GHSA-3pm9-5j7m-59vc was published for openclaw (npm) · Apr 3, 2026

OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation
Low · GHSA-rfqg-qgf8-xr9x was published for openclaw (npm) · Apr 3, 2026

OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
Low · GHSA-37v6-fxx8-xjmx was published for openclaw (npm) · Apr 3, 2026

Electron: Unquoted executable path in app.setLoginItemSettings on Windows
Low · CVE-2026-34768 was published for electron (npm) · Apr 3, 2026

Electron: USB device selection not validated against filtered device list
Low · CVE-2026-34766 was published for electron (npm) · Apr 3, 2026

TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`
Low · GHSA-ccgf-5rwj-j3hv was published for telejson (npm) · Apr 2, 2026
ProTip! Advisories are also available from the GraphQL API.