Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

86 advisories

Loading
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due... High Unreviewed
CVE-2026-0107 was published Mar 10, 2026
OliveTin's RestartAction always runs actions as guest Moderate
CVE-2026-30225 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026
Zwique Credited to Zwique
OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway Critical
CVE-2026-28466 was published for openclaw (npm) Mar 2, 2026
222n5 Credited to 222n5
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user... High Unreviewed
CVE-2026-0021 was published Mar 2, 2026
In setupLayout of PickActivity.java, there is a possible way to start any activity as a... High Unreviewed
CVE-2026-0013 was published Mar 2, 2026
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused... High Unreviewed
CVE-2025-48646 was published Mar 2, 2026
In multiple locations, there is a possible privilege escalation due to a confused deputy. This... High Unreviewed
CVE-2026-0008 was published Mar 2, 2026
In multiple functions of MediaProvider.java, there is a possible external storage write... High Unreviewed
CVE-2025-48579 was published Mar 2, 2026
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a... High Unreviewed
CVE-2023-31313 was published Feb 12, 2026
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName High
CVE-2026-24470 was published for github.com/zalando/skipper (Go) Jan 26, 2026
b0b0haha Credited to b0b0haha, moyushui, and j311yl0v3u moyushui moyushui
j311yl0v3u j311yl0v3u
SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions High
GHSA-3v2x-9xcv-2v2v was published for surrealdb (Rust) Jan 22, 2026
cure53 Credited to cure53 and geraname geraname geraname
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This... Critical Unreviewed
CVE-2025-64125 was published Jan 3, 2026
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This... Critical Unreviewed
CVE-2025-64123 was published Jan 3, 2026
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries Moderate
CVE-2025-68944 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Misconfigured Internal Proxy in runtimes-inventory-rhel8-operator Grants Standard Users Full Cluster Administrator Access High
CVE-2025-11393 was published for github.com/RedHatInsights/runtimes-inventory-operator (Go) Dec 15, 2025
In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused... Moderate Unreviewed
CVE-2025-36889 was published Dec 11, 2025
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image... High Unreviewed
CVE-2025-48628 was published Dec 8, 2025
In multiple locations, there is a possible way to alter the primary user's face unlock settings... Moderate Unreviewed
CVE-2025-48598 was published Dec 8, 2025
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from... High Unreviewed
CVE-2025-48586 was published Dec 8, 2025
In multiple functions of NotificationStation.java, there is a possible cross-profile information... High Unreviewed
CVE-2025-48555 was published Dec 8, 2025
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for... High Unreviewed
CVE-2025-48536 was published Dec 8, 2025
In multiple locations, there is a possible way to leak audio files across user profiles due to a... High Unreviewed
CVE-2025-22420 was published Dec 8, 2025
fastify-reply-from affected by bypass of reply forwarding Moderate
CVE-2025-66415 was published for @fastify/reply-from (npm) Dec 2, 2025
rozzilla Credited to rozzilla
Rack has a Possible Information Disclosure Vulnerability Moderate
CVE-2025-61780 was published for rack (RubyGems) Oct 10, 2025
leahneukirchen Credited to leahneukirchen, jeremyevans, matthewd, and ioquatix jeremyevans jeremyevans
matthewd matthewd ioquatix ioquatix
marimo vulnerable to proxy abuse of /mpl/{port}/ Moderate
GHSA-xjv7-6w92-42r7 was published for marimo (pip) Oct 1, 2025
acepace Credited to acepace
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database