GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 41
Go: 3,098
Maven: 5,000+
npm: 4,985
NuGet: 826
pip: 4,425
Pub: 12
RubyGems: 988
Rust: 1,170
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+

319,172 advisories

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
High | CVE-2026-29783 was published for @github/copilot (npm) | Mar 6, 2026

pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
Critical | CVE-2026-29000 was published for org.pac4j:pac4j-jwt (Maven) | Mar 5, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2026-28029 was published | Mar 5, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2026-28019 was published | Mar 5, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2026-28050 was published | Mar 5, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2026-28023 was published | Mar 5, 2026

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access...
High | Unreviewed | CVE-2018-25187 was published | Mar 6, 2026

PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2018-25197 was published | Mar 6, 2026

Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated...
Moderate | Unreviewed | CVE-2018-25190 was published | Mar 6, 2026

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows...
High | Unreviewed | CVE-2018-25182 was published | Mar 6, 2026

eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash...
Moderate | Unreviewed | CVE-2018-25198 was published | Mar 6, 2026

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to...
Moderate | Unreviewed | CVE-2018-25186 was published | Mar 6, 2026

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of...
High | Unreviewed | CVE-2018-25189 was published | Mar 6, 2026

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers...
High | Unreviewed | CVE-2018-25193 was published | Mar 6, 2026

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated...
Moderate | Unreviewed | CVE-2018-25184 was published | Mar 6, 2026

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to...
High | Unreviewed | CVE-2018-25199 was published | Mar 6, 2026

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated...
High | Unreviewed | CVE-2018-25192 was published | Mar 6, 2026

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2018-25181 was published | Mar 6, 2026

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2018-25179 was published | Mar 6, 2026

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2018-25170 was published | Mar 6, 2026

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated...
High | Unreviewed | CVE-2018-25175 was published | Mar 6, 2026

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform...
Critical | Unreviewed | CVE-2026-26051 was published | Mar 6, 2026

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication...
High | Unreviewed | CVE-2026-2754 was published | Mar 6, 2026

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2018-25196 was published | Mar 6, 2026

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote,...
Moderate | Unreviewed | CVE-2026-2752 was published | Mar 6, 2026

ProTip! Advisories are also available from the GraphQL API