GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
10,434 advisories
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows...
Moderate | Unreviewed | CVE-2026-3691 was published Apr 11, 2026

PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution
Moderate | CVE-2026-40159 was published for PraisonAI (pip) Apr 10, 2026

PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS
Moderate | CVE-2026-40151 was published for PraisonAI (pip) Apr 10, 2026

A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an...
Low | Unreviewed | CVE-2026-6000 was published Apr 10, 2026

Gramps Web API: Private Sub-Object Data in Non-Private Objects Exposed to Guest Users
Moderate | GHSA-9gjv-jvm7-vv2v was published for gramps-webapi (pip) Apr 9, 2026

Wasmtime has host data leakage with 64-bit tables and Winch
Low | CVE-2026-34945 was published for wasmtime (Rust) Apr 9, 2026

A weakness has been identified in code-projects Patient Record Management System 1.0. This...
Low | Unreviewed | CVE-2026-5960 was published Apr 9, 2026

HashiCorp's go-getter library may allow arbitrary file reads
High | CVE-2026-4660 was published for github.com/hashicorp/go-getter (Go) Apr 9, 2026

Apache DolphinScheduler vulnerable to sensitive information disclosure
High | CVE-2025-62188 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Apr 9, 2026

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an...
Low | Unreviewed | CVE-2026-5847 was published Apr 9, 2026

OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response
Moderate | GHSA-68m9-983m-f3v5 was published for github.com/openfga/openfga (Go) Apr 8, 2026

The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up...
Moderate | Unreviewed | CVE-2024-2795 was published Apr 8, 2026

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server
High | CVE-2026-39889 was published for praisonai (pip) Apr 8, 2026

LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel
Moderate | CVE-2026-39412 was published for liquidjs (npm) Apr 8, 2026

The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure...
Moderate | Unreviewed | CVE-2026-3594 was published Apr 8, 2026

LiteLLM: Password hash exposure and pass-the-hash authentication bypass
High | GHSA-69x8-hrgq-fjj8 was published for litellm (pip) Apr 8, 2026

OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws://
Moderate | GHSA-83f3-hh45-vfw9 was published for openclaw (npm) Apr 7, 2026

OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients
Moderate | GHSA-2f7j-rp58-mr42 was published for openclaw (npm) Apr 7, 2026

An issue that could allow a user with access to a credential to view sensitive fields through an...
Low | Unreviewed | CVE-2026-5375 was published Apr 7, 2026

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi...
Moderate | Unreviewed | CVE-2026-30613 was published Apr 6, 2026

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is...
Moderate | Unreviewed | CVE-2026-5666 was published Apr 6, 2026

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
Moderate | CVE-2026-39365 was published for vite (npm) Apr 6, 2026

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket
High | CVE-2026-39363 was published for vite (npm) Apr 6, 2026

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted...
Moderate | Unreviewed | CVE-2026-5650 was published Apr 6, 2026

A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some...
Moderate | Unreviewed | CVE-2026-5601 was published Apr 6, 2026