GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,005
Maven: 5,000+
npm: 4,733
NuGet: 788
pip: 4,343
Pub: 12
RubyGems: 987
Rust: 1,137
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
28,636 advisories

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions...
Critical | Unreviewed | CVE-2025-13942 was published Feb 24, 2026

ormar is vulnerable to SQL Injection through aggregate functions min() and max()
Critical | CVE-2026-26198 was published for ormar (pip) Feb 23, 2026

ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST...
Critical | Unreviewed | CVE-2026-23693 was published Feb 23, 2026

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To...
Critical | Unreviewed | CVE-2025-70043 was published Feb 23, 2026

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated...
Critical | Unreviewed | CVE-2025-41002 was published Feb 23, 2026

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. ...
Critical | Unreviewed | CVE-2026-23552 was published Feb 23, 2026

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online...
Critical | Unreviewed | CVE-2026-24494 was published Feb 23, 2026

Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit...
Critical | Unreviewed | CVE-2026-2588 was published Feb 23, 2026

MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows...
Critical | Unreviewed | CVE-2026-2635 was published Feb 21, 2026

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to...
Critical | Unreviewed | CVE-2019-25441 was published Feb 21, 2026

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command...
Critical | Unreviewed | CVE-2021-35402 was published Feb 20, 2026

Traefik affected by TLS ClientAuth Bypass on HTTP/3
Critical | GHSA-gv8r-9rw9-9697 was published for github.com/traefik/traefik (Go) Feb 20, 2026

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2...
Critical | Unreviewed | CVE-2026-2333 was published Feb 20, 2026

The web management interface of the device allows the administrator username and password to be...
Critical | Unreviewed | CVE-2026-25715 was published Feb 20, 2026

A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP...
Critical | Unreviewed | CVE-2026-26747 was published Feb 20, 2026

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to...
Critical | Unreviewed | CVE-2026-26725 was published Feb 20, 2026

An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2025-70833 was published Feb 20, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2026-24956 was published Feb 20, 2026

An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote...
Critical | Unreviewed | CVE-2026-26722 was published Feb 20, 2026

A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php...
Critical | Unreviewed | CVE-2025-70831 was published Feb 20, 2026

fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Critical | CVE-2026-25896 was published for fast-xml-parser (npm) Feb 20, 2026

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests...
Critical | Unreviewed | CVE-2026-21627 was published Feb 20, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-10970 was published Feb 20, 2026

Sensitive data disclosure and manipulation due to missing authentication. The following products...
Critical | Unreviewed | CVE-2025-30410 was published Feb 20, 2026

Sensitive data disclosure and manipulation due to missing authorization. The following products...
Critical | Unreviewed | CVE-2025-30416 was published Feb 20, 2026

ProTip! Advisories are also available from the GraphQL API