GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
631 advisories
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers...
High • Unreviewed • CVE-2018-25246 was published Apr 4, 2026
Microsoft VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows...
High • Unreviewed • CVE-2018-25241 was published Apr 4, 2026
A specific administrative endpoint is accessible without proper authentication, exposing device...
High • Unreviewed • CVE-2026-32646 was published Apr 3, 2026
AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php
High • CVE-2026-34731 was published for wwbn/avideo (Composer) Apr 1, 2026
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated...
High • Unreviewed • CVE-2018-25224 was published Mar 28, 2026
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated...
High • Unreviewed • CVE-2018-25225 was published Mar 28, 2026
The VSL privileged helper does utilize NSXPC for IPC. The implementation of the ...
High • Unreviewed • CVE-2026-24068 was published Mar 26, 2026
AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment
High • CVE-2026-33719 was published for wwbn/avideo (Composer) Mar 25, 2026
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability,...
High • Unreviewed • CVE-2026-4640 was published Mar 24, 2026
A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600...
High • Unreviewed • CVE-2025-15517 was published Mar 23, 2026
An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt...
High • Unreviewed • CVE-2026-31846 was published Mar 23, 2026
Duplicate Advisory: OpenClaw's sandbox browser noVNC observer lacked VNC authentication
High • GHSA-cxcw-jm67-3wwp was published for openclaw (npm) Mar 21, 2026 • withdrawn
Unauthenticated remote shutdown in nltk.app.wordnet_app
High • CVE-2026-33231 was published for nltk (pip) Mar 19, 2026
SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
High • CVE-2026-33203 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026
The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform...
High • Unreviewed • CVE-2026-24062 was published Mar 18, 2026
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
High • CVE-2026-2603 was published for org.keycloak:keycloak-server-spi-private (Maven) Mar 18, 2026
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment...
High • Unreviewed • CVE-2026-22727 was published Mar 18, 2026
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0...
High • Unreviewed • CVE-2026-1264 was published Mar 18, 2026
Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x...
High • Unreviewed • CVE-2026-3207 was published Mar 17, 2026
AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
High • CVE-2026-33038 was published for wwbn/avideo (Composer) Mar 17, 2026
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks...
High • Unreviewed • CVE-2026-32296 was published Mar 17, 2026
The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. This...
High • Unreviewed • CVE-2026-32291 was published Mar 17, 2026
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass...
High • Unreviewed • CVE-2026-3558 was published Mar 16, 2026
Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote...
High • Unreviewed • CVE-2017-20222 was published Mar 16, 2026
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API...
High • Unreviewed • CVE-2017-20220 was published Mar 16, 2026
ProTip! Advisories are also available from the GraphQL API.