GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
383 advisories
File Browser Signup Grants Admin When Default Permissions Include Admin
Critical · CVE-2026-32760 was published for github.com/filebrowser/filebrowser/v2 (Go) · Mar 16, 2026
OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
Critical · GHSA-rqpp-rjj8-7wv8 was published for openclaw (npm) · Mar 13, 2026
OpenClaw: Pairing-scoped device tokens could mint `operator.admin` and reach node RCE
Critical · GHSA-4jpw-hj22-2xmc was published for openclaw (npm) · Mar 13, 2026
OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
Critical · GHSA-xw77-45gv-p728 was published for openclaw (npm) · Mar 13, 2026
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST...
Critical · Unreviewed · CVE-2026-2631 was published · Mar 11, 2026
RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
Critical · CVE-2026-30960 was published for rssn (Rust) · Mar 10, 2026
An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc...
Critical · Unreviewed · CVE-2025-29165 was published · Mar 5, 2026
The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor...
Critical · Unreviewed · CVE-2026-29127 was published · Mar 5, 2026
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User...
Critical · Unreviewed · CVE-2026-1492 was published · Mar 3, 2026
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the...
Critical · Unreviewed · CVE-2026-0029 was published · Mar 2, 2026
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and...
Critical · Unreviewed · CVE-2025-12981 was published · Feb 27, 2026
Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148,...
Critical · Unreviewed · CVE-2026-2777 was published · Feb 24, 2026
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148 and...
Critical · Unreviewed · CVE-2026-2782 was published · Feb 24, 2026
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148 and...
Critical · Unreviewed · CVE-2026-2780 was published · Feb 24, 2026
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious...
Critical · Unreviewed · CVE-2025-40538 was published · Feb 24, 2026
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote...
Critical · Unreviewed · CVE-2026-26722 was published · Feb 20, 2026
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to...
Critical · Unreviewed · CVE-2026-26725 was published · Feb 20, 2026
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical · Unreviewed · CVE-2026-1994 was published · Feb 19, 2026
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up...
Critical · Unreviewed · CVE-2025-12882 was published · Feb 19, 2026
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up...
Critical · Unreviewed · CVE-2025-13563 was published · Feb 19, 2026
The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege...
Critical · Unreviewed · CVE-2025-13851 was published · Feb 19, 2026
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to...
Critical · Unreviewed · CVE-2026-26369 was published · Feb 15, 2026
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less...
Critical · Unreviewed · CVE-2025-8572 was published · Feb 14, 2026
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all...
Critical · Unreviewed · CVE-2025-15027 was published · Feb 8, 2026
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset...
Critical · Unreviewed · CVE-2025-15030 was published · Feb 2, 2026
ProTip! Advisories are also available from the GraphQL API