GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
509 advisories
Filter by severity
ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a...
Low
Unreviewed
CVE-2026-48329
was published
Jul 14, 2026
nebula-mesh: Web UI host creation ignores configured enrollment token TTL and mints 24-hour bearer enrollment tokens
Moderate
CVE-2026-55513
was published
for
github.com/forgekeep/nebula-mesh
(Go)
Jul 14, 2026
Multiple connections to the backend using the same charging station ID
are allowed, which could...
High
Unreviewed
CVE-2026-44383
was published
Jul 11, 2026
nebula-mesh: Host revocation is not durable - blocked/offboarded hosts can regain a valid certificate
Moderate
CVE-2026-53602
was published
for
github.com/forgekeep/nebula-mesh
(Go)
Jul 9, 2026
Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows
Low
GHSA-2vg6-77g8-24mp
was published
for
@better-auth/scim
(npm)
Jul 7, 2026
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
High
CVE-2026-53517
was published
for
@better-auth/oauth-provider
(npm)
Jul 7, 2026
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component.
The camel...
Critical
Unreviewed
CVE-2026-46455
was published
Jul 6, 2026
A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by...
Low
Unreviewed
CVE-2026-14725
was published
Jul 5, 2026
Grackle: Fail-open authorization in the MCP tool layer lets scoped agents perform cross-task and cross-session mutations (IDOR)
High
GHSA-f9ff-5x35-7gfw
was published
for
@grackle-ai/auth
(npm)
Jul 2, 2026
OpenClaw: Mattermost slash token revocation could lag until monitor refresh
Moderate
GHSA-4m3v-q747-pc6h
was published
for
openclaw
(npm)
Jul 2, 2026
OpenClaw: Slack and Zalo webhook secrets could remain active after secrets.reload
Moderate
GHSA-275c-xpvc-jgfw
was published
for
openclaw
(npm)
Jul 2, 2026
SurrealDB: LIVE query subscriptions survive session state changes, bypassing access controls
Moderate
GHSA-4m82-p8cx-f94j
was published
for
surrealdb
(Rust)
Jul 1, 2026
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after...
High
Unreviewed
CVE-2025-36359
was published
Jun 30, 2026
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows...
Moderate
Unreviewed
CVE-2026-54479
was published
Jun 26, 2026
Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions...
High
Unreviewed
CVE-2025-71335
was published
Jun 26, 2026
A flaw was found in Keycloak's client registration service. A remote attacker, possessing a...
Moderate
Unreviewed
CVE-2026-9705
was published
Jun 25, 2026
Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES
Moderate
CVE-2026-52809
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens
High
CVE-2026-49229
was published
for
@actual-app/sync-server
(npm)
Jun 22, 2026
Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17...
Moderate
Unreviewed
CVE-2026-9162
was published
Jun 22, 2026
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function...
Low
Unreviewed
CVE-2026-12796
was published
Jun 21, 2026
A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function...
Low
Unreviewed
CVE-2026-12772
was published
Jun 21, 2026
Langflow: Logout button does not clear session
Moderate
CVE-2026-55423
was published
for
langflow
(pip)
Jun 19, 2026
CoreWCF: SAML token replay protection is inoperative
Moderate
CVE-2026-54779
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider
Moderate
GHSA-wxg7-w2v3-w38g
was published
for
github.com/zitadel/zitadel
(Go)
Jun 18, 2026
Hydro: Insufficient session expiration when recreating sessions
Moderate
CVE-2026-55617
was published
for
hydrooj
(npm)
Jun 18, 2026
ProTip!
Advisories are also available from the
GraphQL API