GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
448 advisories
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Moderate, Unreviewed. CVE-2026-34288 was published Apr 21, 2026

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware ...
Moderate, Unreviewed. CVE-2026-34289 was published Apr 21, 2026

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft ...
Moderate, Unreviewed. CVE-2026-34280 was published Apr 21, 2026

Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft ...
Moderate, Unreviewed. CVE-2026-34266 was published Apr 21, 2026

An improper access control vulnerability in the canonical-livepatch snap client prior to version...
Moderate, Unreviewed. CVE-2026-6369 was published Apr 20, 2026

SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for...
Moderate, Unreviewed. CVE-2026-32962 was published Apr 20, 2026

SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for...
Moderate, Unreviewed. CVE-2026-32957 was published Apr 20, 2026

OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials
Moderate. GHSA-92jp-89mq-4374 was published for openclaw (npm) Apr 17, 2026

Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request
Moderate. GHSA-6pcv-j4jx-m4vx was published for flowise (npm) Apr 16, 2026

A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7...
Moderate, Unreviewed. CVE-2025-53847 was published Apr 14, 2026

Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint
Moderate. CVE-2026-5724 was published for go.temporal.io/server (Go) Apr 10, 2026

Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated...
Moderate, Unreviewed. CVE-2026-5300 was published Apr 8, 2026

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that...
Moderate, Unreviewed. CVE-2026-1900 was published Apr 7, 2026

AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php
Moderate. CVE-2026-35450 was published for wwbn/avideo (Composer) Apr 4, 2026

Signal K Server: Unauthenticated Source Priorities Manipulation
Moderate. CVE-2026-33951 was published for signalk-server (npm) Apr 3, 2026

A specific administrative endpoint notifications is accessible without proper authentication.
Moderate, Unreviewed. CVE-2026-28767 was published Apr 3, 2026

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's...
Moderate, Unreviewed. CVE-2026-29132 was published Apr 2, 2026

HCL BigFix Platform is affected by insufficient authentication. The application might allow...
Moderate, Unreviewed. CVE-2026-21767 was published Apr 2, 2026

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
Moderate. CVE-2026-34732 was published for wwbn/avideo (Composer) Apr 1, 2026

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic...
Moderate, Unreviewed. CVE-2025-67805 was published Apr 1, 2026

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the...
Moderate, Unreviewed. CVE-2026-34999 was published Apr 1, 2026

Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface
Moderate. CVE-2026-34227 was published for github.com/bishopfox/sliver (Go) Mar 31, 2026

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without...
Moderate, Unreviewed. CVE-2026-34411 was published Mar 27, 2026

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may...
Moderate, Unreviewed. CVE-2026-33366 was published Mar 27, 2026

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows...
Moderate, Unreviewed. CVE-2026-3527 was published Mar 26, 2026