GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,287 advisories
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-20791 was published Feb 27, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-27773 was published Feb 27, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-22878 was published Feb 27, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-25774 was published Feb 27, 2026

Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a...
Moderate • Unreviewed • CVE-2026-21660 was published Feb 27, 2026

Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Low • CVE-2026-27167 was published for gradio (pip) Mar 1, 2026

In preloader, there is a possible read of device unique identifiers due to a logic error. This...
Moderate • Unreviewed • CVE-2026-20435 was published Mar 2, 2026

In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC...
Moderate • Unreviewed • CVE-2026-0689 was published Mar 2, 2026

Rancher doesn't properly sanitize credentials in cluster template answers
Critical • CVE-2021-36783 was published for github.com/rancher/rancher (Go) Mar 3, 2026

OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Low • CVE-2026-32897 was published for openclaw (npm) Mar 3, 2026

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for...
High • Unreviewed • CVE-2026-29128 was published Mar 5, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-27770 was published Mar 6, 2026

Unnecessary transmission of sensitive cryptographic material. The following products are affected...
Moderate • Unreviewed • CVE-2026-28714 was published Mar 6, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-27027 was published Mar 6, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-27777 was published Mar 6, 2026

OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects
High • CVE-2026-32913 was published for openclaw (npm) Mar 9, 2026

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a...
Moderate • Unreviewed • CVE-2026-3783 was published Mar 11, 2026

A vulnerability allowing a low-privileged user to extract saved SSH credentials.
High • Unreviewed • CVE-2026-21670 was published Mar 12, 2026

IncusOS has a LUKS encryption bypass due to insufficient TPM policy
High • CVE-2026-32606 was published for github.com/lxc/incus-os/incus-osd (Go) Mar 16, 2026

Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Critical • CVE-2026-32633 was published for Glances (pip) Mar 16, 2026

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
High • CVE-2026-32634 was published for Glances (pip) Mar 16, 2026

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate...
High • Unreviewed • CVE-2026-23658 was published Mar 19, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-28204 was published Mar 21, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate • Unreviewed • CVE-2026-31926 was published Mar 21, 2026

Duplicate Advisory: OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Low • GHSA-8mr2-f9wf-hcfq was published for openclaw (npm) Mar 21, 2026 • withdrawn

ProTip! Advisories are also available from the GraphQL API