Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,143
Maven
5,000+
npm
5,000+
NuGet
840
pip
4,439
Pub
12
RubyGems
990
Rust
1,174
Swift
50
Unreviewed advisories
All unreviewed
5,000+

126 advisories

Loading
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated... High Unreviewed
CVE-2026-3483 was published Mar 10, 2026
OneUptime has Synthetic Monitor RCE via exposed Playwright browser object Critical
CVE-2026-30957 was published for @oneuptime/common (npm) Mar 10, 2026
maru1009 Credited to maru1009
OneUptime: Synthetic Monitor RCE via exposed Playwright browser object Critical
CVE-2026-30921 was published for @oneuptime/common (npm) Mar 7, 2026
maru1009 Credited to maru1009
Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows... Critical Unreviewed
CVE-2026-30797 was published Mar 5, 2026
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This... High Unreviewed
CVE-2026-20423 was published Mar 2, 2026
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote... Critical Unreviewed
CVE-2026-22208 was published Feb 17, 2026
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise Critical
CVE-2026-26190 was published for github.com/milvus-io/milvus (Go) Feb 11, 2026
0x1f Credited to 0x1f
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing... High Unreviewed
CVE-2025-47366 was published Feb 2, 2026
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution High
CVE-2026-22812 was published for opencode-ai (npm) Jan 13, 2026
CyberShadow Credited to CyberShadow
Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools High
CVE-2025-9611 was published for @playwright/mcp (npm) Jan 7, 2026
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write High
CVE-2025-68697 was published for n8n (npm) Dec 26, 2025
berkdedekarginoglu Credited to berkdedekarginoglu
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14496 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14495 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14494 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14497 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14488 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14491 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14489 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14492 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14493 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14490 was published Dec 24, 2025
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in... Moderate Unreviewed
CVE-2025-59788 was published Dec 4, 2025
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode High
CVE-2025-64443 was published for github.com/docker/mcp-gateway (Go) Dec 3, 2025
JLLeitschuh Credited to JLLeitschuh
Memory corruption while processing request sent from GVM. High Unreviewed
CVE-2025-47353 was published Nov 4, 2025
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for... Moderate Unreviewed
CVE-2025-59403 was published Oct 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database