Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

597 advisories

Loading
Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation High
CVE-2026-50141 was published for go.woodpecker-ci.org/woodpecker/v3 (Go) Jul 14, 2026
shivamkumarcyber Credited to shivamkumarcyber
File Browser: Authentication Bypass via Proxy Auth Header Forgery Critical
CVE-2026-54089 was published for github.com/filebrowser/filebrowser/v2 (Go) Jul 10, 2026
Akokonunes Credited to Akokonunes and neo-ai-engineer neo-ai-engineer neo-ai-engineer
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header High
CVE-2026-55501 was published for 9router (npm) Jul 6, 2026
dinhvaren Credited to dinhvaren
Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate Unreviewed
CVE-2026-45489 was published Jul 3, 2026
SnailSploit Credited to SnailSploit and 0xShemesh 0xShemesh 0xShemesh
OpenClaw: Matrix allowFrom could bind to mutable display names High
CVE-2026-53811 was published for openclaw (npm) Jul 2, 2026
PhilipPhil Credited to PhilipPhil
OpenClaw: Slack allowFrom could bind to mutable display names High
GHSA-c29c-2q9c-pc86 was published for openclaw (npm) Jul 2, 2026
PhilipPhil Credited to PhilipPhil
OpenClaw: Control UI locality spoofing could mint a durable admin device token High
CVE-2026-53817 was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers High
GHSA-rggc-m335-3wvj was published for openclaw (npm) Jul 2, 2026
cantinagen Credited to cantinagen and Ellahinator Ellahinator Ellahinator
GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward Moderate
CVE-2026-45045 was published for github.com/gofiber/fiber/v2 (Go) Jul 2, 2026
TristanInSec Credited to TristanInSec, ReneWerner87, and gaby ReneWerner87 ReneWerner87
gaby gaby
chi Has an IP Spoofing Vulnerability in `middleware.RealIP` Moderate
GHSA-3fxj-6jh8-hvhx was published for github.com/go-chi/chi/v5/middleware (Go) Jun 25, 2026
Saku0512 Credited to Saku0512
ProTip! Advisories are also available from the GraphQL API