GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,913 advisories

Parse Server has a protected fields bypass via dot-notation in query and sort
[High] CVE-2026-31872 was published for parse-server (npm) Mar 11, 2026

Parse Server has role escalation and CLP bypass via direct `_Join` table write
[Critical] CVE-2026-30966 was published for parse-server (npm) Mar 11, 2026

Parse Server has a protected fields bypass via logical query operators
[High] CVE-2026-30962 was published for parse-server (npm) Mar 11, 2026

django-unicorn affected by component state manipulation via unvalidated attribute access
[Moderate] CVE-2026-31815 was published for django-unicorn (pip) Mar 11, 2026

An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23...
[Moderate] [Unreviewed] CVE-2026-2742 was published Mar 10, 2026

Improper access control in Windows Projected File System allows an authorized attacker to elevate...
[High] [Unreviewed] CVE-2026-24290 was published Mar 10, 2026

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized...
[High] [Unreviewed] CVE-2026-25176 was published Mar 10, 2026

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a...
[High] [Unreviewed] CVE-2026-21262 was published Mar 10, 2026

An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may...
[Moderate] [Unreviewed] CVE-2026-22628 was published Mar 10, 2026

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to...
[High] [Unreviewed] CVE-2026-23660 was published Mar 10, 2026

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions
[Moderate] GHSA-9q36-67vc-rrwg was published for openclaw (npm) Mar 9, 2026

SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren
[High] CVE-2026-30926 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 9, 2026

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected...
[Moderate] [Unreviewed] CVE-2026-3800 was published Mar 9, 2026

A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The...
[Moderate] [Unreviewed] CVE-2026-3797 was published Mar 9, 2026

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile...
[Moderate] [Unreviewed] CVE-2026-3748 was published Mar 8, 2026

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function...
[Moderate] [Unreviewed] CVE-2026-3749 was published Mar 8, 2026

WeKnora has Broken Access Control - Cross-Tenant Data Exposure
[High] CVE-2026-30859 was published for github.com/Tencent/WeKnora (Go) Mar 6, 2026

WeKnora Vulnerable to Broken Access Control in Tenant Management
[Critical] CVE-2026-30855 was published for github.com/Tencent/WeKnora (Go) Mar 6, 2026

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x...
[High] [Unreviewed] CVE-2025-70363 was published Mar 6, 2026

Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure
[High] CVE-2026-30244 was published for plane (pip) Mar 5, 2026

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control...
[High] [Unreviewed] CVE-2025-70614 was published Mar 5, 2026

A broken access control vulnerability in the password reset functionality of Tata Consultancy...
[High] [Unreviewed] CVE-2026-26417 was published Mar 5, 2026

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon...
[High] [Unreviewed] CVE-2026-26418 was published Mar 5, 2026

Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
[Moderate] CVE-2026-29061 was published for github.com/forceu/gokapi (Go) Mar 5, 2026

Gokapi has privilege escalation with auth token
[Moderate] CVE-2026-29060 was published for github.com/forceu/gokapi (Go) Mar 5, 2026

ProTip! Advisories are also available from the GraphQL API.