GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,323
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,494
Swift
61
Unreviewed advisories
All unreviewed
5,000+
597 advisories
Filter by severity
A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event...
High
Unreviewed
CVE-2026-12382
was published
Jul 15, 2026
Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation
High
CVE-2026-50141
was published
for
go.woodpecker-ci.org/woodpecker/v3
(Go)
Jul 14, 2026
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube...
Moderate
Unreviewed
CVE-2026-62644
was published
Jul 14, 2026
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing...
Moderate
Unreviewed
CVE-2026-61428
was published
Jul 11, 2026
File Browser: Authentication Bypass via Proxy Auth Header Forgery
Critical
CVE-2026-54089
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Jul 10, 2026
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module...
Low
Unreviewed
CVE-2026-8651
was published
Jul 8, 2026
n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks...
Moderate
Unreviewed
CVE-2026-56360
was published
Jul 8, 2026
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
High
CVE-2026-55501
was published
for
9router
(npm)
Jul 6, 2026
Authentication Bypass by Spoofing vulnerability in Apache IoTDB.
Certain Thrift RPC query...
Critical
Unreviewed
CVE-2026-24013
was published
Jul 6, 2026
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate
Unreviewed
CVE-2026-45489
was published
Jul 3, 2026
9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
High
CVE-2026-49353
was published
for
9router
(npm)
Jul 2, 2026
OpenClaw: Matrix allowFrom could bind to mutable display names
High
CVE-2026-53811
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Slack allowFrom could bind to mutable display names
High
GHSA-c29c-2q9c-pc86
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Control UI locality spoofing could mint a durable admin device token
High
CVE-2026-53817
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers
High
GHSA-rggc-m335-3wvj
was published
for
openclaw
(npm)
Jul 2, 2026
GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward
Moderate
CVE-2026-45045
was published
for
github.com/gofiber/fiber/v2
(Go)
Jul 2, 2026
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote...
Moderate
Unreviewed
CVE-2026-14381
was published
Jul 2, 2026
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated...
High
Unreviewed
CVE-2026-58593
was published
Jul 1, 2026
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication....
Critical
Unreviewed
CVE-2026-24270
was published
Jul 1, 2026
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-14118
was published
Jul 1, 2026
Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a...
Moderate
Unreviewed
CVE-2026-13985
was published
Jul 1, 2026
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote...
Moderate
Unreviewed
CVE-2026-13984
was published
Jul 1, 2026
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path...
High
Unreviewed
CVE-2026-13207
was published
Jun 30, 2026
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author....
Critical
Unreviewed
CVE-2026-58370
was published
Jun 30, 2026
chi Has an IP Spoofing Vulnerability in `middleware.RealIP`
Moderate
GHSA-3fxj-6jh8-hvhx
was published
for
github.com/go-chi/chi/v5/middleware
(Go)
Jun 25, 2026
ProTip!
Advisories are also available from the
GraphQL API