GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 43
Go: 3,148
Maven: 5,000+
npm: 5,000+
NuGet: 859
pip: 4,444
Pub: 12
RubyGems: 990
Rust: 1,176
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
29,051 advisories
An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta...
Critical | Unreviewed | CVE-2025-70041 was published Mar 11, 2026

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are...
Critical | Unreviewed | CVE-2025-67035 was published Mar 11, 2026

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command...
Critical | Unreviewed | CVE-2026-25070 was published Mar 7, 2026

A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers...
Critical | Unreviewed | CVE-2026-30741 was published Mar 11, 2026

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution...
Critical | Unreviewed | CVE-2026-3059 was published Mar 12, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21669 was published Mar 12, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21667 was published Mar 12, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21666 was published Mar 12, 2026

A vulnerability allowing an authenticated user with the Backup Administrator role to perform...
Critical | Unreviewed | CVE-2026-21671 was published Mar 12, 2026

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code...
Critical | Unreviewed | CVE-2026-3060 was published Mar 12, 2026

An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command...
Critical | Unreviewed | CVE-2025-70024 was published Mar 11, 2026

AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass
Critical | CVE-2026-32136 was published for github.com/AdguardTeam/AdGuardHome (Go) Mar 12, 2026

Winter vulnerable to privilege escalation by authenticated backend users
Critical | CVE-2026-27591 was published for winter/wn-backend-module (Composer) Mar 12, 2026

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows...
Critical | Unreviewed | CVE-2019-25487 was published Mar 11, 2026

Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL)...
Critical | Unreviewed | CVE-2018-25159 was published Mar 11, 2026

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload...
Critical | Unreviewed | CVE-2019-25471 was published Mar 11, 2026

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows...
Critical | Unreviewed | CVE-2019-25468 was published Mar 11, 2026

Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids...
Critical | Unreviewed | CVE-2025-40926 was published Mar 5, 2026

xygeni-action v5 tag poisoned with C2 backdoor
Critical | CVE-2026-31976 was published for xygeni/xygeni-action (GitHub Actions) Mar 11, 2026

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and...
Critical | Unreviewed | CVE-2025-70082 was published Mar 11, 2026

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0...
Critical | Unreviewed | CVE-2025-66956 was published Mar 11, 2026

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client...
Critical | Unreviewed | CVE-2025-67041 was published Mar 11, 2026

Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
Critical | CVE-2026-31871 was published for parse-server (npm) Mar 11, 2026

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters
Critical | CVE-2026-31862 was published for @siteboon/claudecodeui (npm) Mar 11, 2026

Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL
Critical | CVE-2026-31856 was published for parse-server (npm) Mar 11, 2026

ProTip! Advisories are also available from the GraphQL API.