GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 44; GitHub Actions 45; Go 3,196; Maven 5,000+; npm 5,000+; NuGet 864; pip 4,483; Pub 12; RubyGems 992; Rust 1,186; Swift 51
Unreviewed advisories: All unreviewed 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,315 advisories
CVE-2026-32295 (Critical, Unreviewed, published Mar 17, 2026): JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess...
CVE-2026-32292 (Critical, Unreviewed, published Mar 17, 2026): The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force...
CVE-2026-32297 (Critical, Unreviewed, published Mar 17, 2026): The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including...
CVE-2026-3564 (Critical, Unreviewed, published Mar 17, 2026): A condition in ScreenConnect may allow an actor with access to server-level cryptographic...
CVE-2026-4312 (Critical, Unreviewed, published Mar 17, 2026): GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability,...
CVE-2026-4177 (Critical, Unreviewed, published Mar 17, 2026): YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities...
CVE-2025-69808 (Critical, Unreviewed, published Mar 16, 2026): An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated...
CVE-2025-69809 (Critical, Unreviewed, published Mar 16, 2026): A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to...
CVE-2025-69902 (Critical, Unreviewed, published Mar 16, 2026): A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2...
CVE-2025-62319 (Critical, Unreviewed, published Mar 16, 2026): Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL...
CVE-2025-15060 (Critical, Unreviewed, published Mar 16, 2026): claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This...
CVE-2017-20224 (Critical, Unreviewed, published Mar 16, 2026): Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability...
CVE-2017-20223 (Critical, Unreviewed, published Mar 16, 2026): Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object...
CVE-2016-20024 (Critical, Unreviewed, published Mar 16, 2026): ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows...
CVE-2016-20030 (Critical, Unreviewed, published Mar 16, 2026): ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated...
CVE-2016-20026 (Critical, Unreviewed, published Mar 16, 2026): ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that...
CVE-2026-3891 (Critical, Unreviewed, published Mar 13, 2026): The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to...
CVE-2026-32746 (Critical, Unreviewed, published Mar 13, 2026): telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local...
CVE-2026-32367 (Critical, Unreviewed, published Mar 13, 2026): Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal...
CVE-2026-25823 (Critical, Unreviewed, published Mar 13, 2026): HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and...
CVE-2026-25818 (Critical, Unreviewed, published Mar 13, 2026): HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and...
CVE-2026-22193 (Critical, Unreviewed, published Mar 13, 2026): wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions()...
CVE-2026-3611 (Critical, Unreviewed, published Mar 12, 2026): The Honeywell IQ4x building management controller, exposes its full web-based HMI without...
CVE-2025-70245 (Critical, Unreviewed, published Mar 12, 2026): Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform...
CVE-2026-26793 (Critical, Unreviewed, published Mar 12, 2026): GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the...
ProTip! Advisories are also available from the GraphQL API.