GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 41
Go: 3,099
Maven: 5,000+
npm: 4,985
NuGet: 826
pip: 4,425
Pub: 12
RubyGems: 988
Rust: 1,170
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
28,953 advisories
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF...
Critical | Unreviewed | CVE-2026-2446 was published Mar 6, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-26288 was published Mar 6, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2026-28043 was published Mar 5, 2026

pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
Critical | CVE-2026-29000 was published for org.pac4j:pac4j-jwt (Maven) Mar 5, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-26051 was published Mar 6, 2026

`@orpc/client` has Prototype Pollution via `StandardRPCJsonSerializer` Deserialization
Critical | CVE-2026-28794 was published for @orpc/client (npm) Mar 2, 2026

Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint
Critical | CVE-2026-28508 was published for idno/known (Composer) Mar 2, 2026

LibreNMS Information Disclosure
Critical | CVE-2019-10665 was published for librenms/librenms (Composer) May 24, 2022

AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction
Critical | CVE-2026-28502 was published for wwbn/avideo (Composer) Mar 2, 2026

AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
Critical | CVE-2026-28501 was published for wwbn/avideo (Composer) Mar 2, 2026

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc...
Critical | Unreviewed | CVE-2025-29165 was published Mar 5, 2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform...
Critical | Unreviewed | CVE-2025-70229 was published Mar 5, 2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform...
Critical | Unreviewed | CVE-2025-70230 was published Mar 5, 2026

D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST...
Critical | Unreviewed | CVE-2025-70231 was published Mar 5, 2026

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed...
Critical | Unreviewed | CVE-2026-2418 was published Mar 5, 2026

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and...
Critical | Unreviewed | CVE-2025-13476 was published Mar 5, 2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform...
Critical | Unreviewed | CVE-2025-70232 was published Mar 5, 2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform...
Critical | Unreviewed | CVE-2025-70233 was published Mar 5, 2026

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due...
Critical | Unreviewed | CVE-2026-2330 was published Mar 6, 2026

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas...
Critical | Unreviewed | CVE-2026-2331 was published Mar 6, 2026

In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the...
Critical | Unreviewed | CVE-2026-0029 was published Mar 2, 2026

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache...
Critical | Unreviewed | CVE-2025-40931 was published Mar 5, 2026

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files...
Critical | Unreviewed | CVE-2025-48609 was published Mar 2, 2026

In multiple locations, there is a possible out of bounds read and write due to a heap buffer...
Critical | Unreviewed | CVE-2026-0006 was published Mar 2, 2026

OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
Critical | CVE-2026-28466 was published for openclaw (npm) Mar 2, 2026
ProTip! Advisories are also available from the GraphQL API.