GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 43
Go: 3,164
Maven: 5,000+
npm: 5,000+
NuGet: 863
pip: 4,458
Pub: 12
RubyGems: 991
Rust: 1,184
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,299 advisories

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2026-3891 was published Mar 13, 2026

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local...
Critical | Unreviewed | CVE-2026-32746 was published Mar 13, 2026

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions()...
Critical | Unreviewed | CVE-2026-22193 was published Mar 13, 2026

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and...
Critical | Unreviewed | CVE-2026-25818 was published Mar 13, 2026

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and...
Critical | Unreviewed | CVE-2026-25823 was published Mar 13, 2026

The Honeywell IQ4x building management controller exposes its full web-based HMI without...
Critical | Unreviewed | CVE-2026-3611 was published Mar 12, 2026

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2026-26793 was published Mar 12, 2026

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform...
Critical | Unreviewed | CVE-2025-70245 was published Mar 12, 2026

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+,...
Critical | Unreviewed | CVE-2026-28252 was published Mar 12, 2026

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres...
Critical | Unreviewed | CVE-2026-21708 was published Mar 12, 2026

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities...
Critical | Unreviewed | CVE-2026-26792 was published Mar 12, 2026

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2026-26791 was published Mar 12, 2026

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the...
Critical | Unreviewed | CVE-2026-26795 was published Mar 12, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21669 was published Mar 12, 2026

A vulnerability allowing an authenticated user with the Backup Administrator role to perform...
Critical | Unreviewed | CVE-2026-21671 was published Mar 12, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21667 was published Mar 12, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21666 was published Mar 12, 2026

Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote...
Critical | Unreviewed | CVE-2026-3916 was published Mar 12, 2026

An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command...
Critical | Unreviewed | CVE-2025-70024 was published Mar 11, 2026

An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta...
Critical | Unreviewed | CVE-2025-70041 was published Mar 11, 2026

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0...
Critical | Unreviewed | CVE-2025-66956 was published Mar 11, 2026

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload...
Critical | Unreviewed | CVE-2019-25471 was published Mar 11, 2026

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows...
Critical | Unreviewed | CVE-2019-25487 was published Mar 11, 2026

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows...
Critical | Unreviewed | CVE-2019-25468 was published Mar 11, 2026

Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL)...
Critical | Unreviewed | CVE-2018-25159 was published Mar 11, 2026

ProTip! Advisories are also available from the GraphQL API.