Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,413
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,656
Pub
13
RubyGems
1,027
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

204 advisories

Loading
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist Critical
CVE-2026-31818 was published for @budibase/backend-core (npm) Apr 3, 2026
Moonster8282 Credited to Moonster8282
Electron: Context Isolation bypass via contextBridge VideoFrame transfer High
CVE-2026-34780 was published for electron (npm) Apr 3, 2026
DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost High
CVE-2026-34742 was published for github.com/modelcontextprotocol/go-sdk (Go) Apr 1, 2026
JLLeitschuh Credited to JLLeitschuh
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an... High Unreviewed
CVE-2026-24148 was published Mar 31, 2026
Duplicate Advisory: OpenClaw has an improper sandbox configuration vulnerability Moderate
GHSA-q94v-v6m9-jhq9 was published for openclaw (npm) Mar 21, 2026 withdrawn
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection High
CVE-2026-31975 was published for @siteboon/claude-code-ui (npm) Mar 11, 2026
Ethan-Yang-opcia Credited to Ethan-Yang-opcia, DhiyaneshGeek, and neo-ai-engineer DhiyaneshGeek DhiyaneshGeek
neo-ai-engineer neo-ai-engineer
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the... High Unreviewed
CVE-2018-25169 was published Mar 6, 2026
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers... High Unreviewed
CVE-2018-25193 was published Mar 6, 2026
Microsoft ACI Confidential Containers Information Disclosure Vulnerability Moderate Unreviewed
CVE-2026-26122 was published Mar 6, 2026
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of... Critical Unreviewed
CVE-2026-28775 was published Mar 4, 2026
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default... Critical Unreviewed
CVE-2025-70998 was published Feb 18, 2026
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of... Moderate Unreviewed
CVE-2026-2617 was published Feb 17, 2026
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise Critical
CVE-2026-26190 was published for github.com/milvus-io/milvus (Go) Feb 11, 2026
0x1f Credited to 0x1f
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all... Moderate Unreviewed
CVE-2026-1675 was published Feb 7, 2026
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration Critical
CVE-2026-25894 was published for fuxa-server (npm) Feb 5, 2026
wodzen Credited to wodzen
FUXA contains an insecure default configuration vulnerability High
CVE-2025-69970 was published for fuxa-server (npm) Feb 3, 2026
terraform-provider-proxmox has insecure sudo recommendation in the documentation High
CVE-2026-25499 was published for github.com/bpg/terraform-provider-proxmox (Go) Feb 2, 2026
lucasmaurice Credited to lucasmaurice
Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer Critical
CVE-2025-62877 was published for github.com/harvester/harvester-installer (Go) Jan 5, 2026
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin... Critical Unreviewed
CVE-2025-56332 was published Dec 30, 2025
Incorrect configuration of replication security in the MariaDB component of the infra-operator in... Moderate Unreviewed
CVE-2025-14758 was published Dec 16, 2025
Misskey has a login rate limit bypass via spoofed X-Forwarded-For header Moderate
CVE-2025-66482 was published for misskey-js (npm) Dec 15, 2025
BoBeR182 Credited to BoBeR182 and saschanaz saschanaz saschanaz
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and... Moderate Unreviewed
CVE-2025-64781 was published Dec 12, 2025
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a... High Unreviewed
CVE-2025-48621 was published Dec 8, 2025
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become... High Unreviewed
CVE-2025-48629 was published Dec 8, 2025
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers... Moderate Unreviewed
CVE-2025-52622 was published Dec 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database