Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

1,011 advisories

Loading
OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway Critical
CVE-2026-28466 was published for openclaw (npm) Mar 2, 2026
222n5 Credited to 222n5
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on... Critical Unreviewed
CVE-2026-2750 was published Feb 27, 2026
Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) Critical
CVE-2026-27702 was published for budibase (npm) Feb 25, 2026
vicevirus Credited to vicevirus
n8n Vulnerable to Command Injection in Community Package Installation Critical
CVE-2026-21893 was published for n8n (npm) Feb 4, 2026
berkdedekarginoglu Credited to berkdedekarginoglu
When a specific function is enabled while joining a AD Domain from ADM, an improper input... Critical Unreviewed
CVE-2026-24936 was published Feb 3, 2026
Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with... Critical Unreviewed
CVE-2026-24811 was published Jan 27, 2026
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59... Critical Unreviewed
CVE-2026-0903 was published Jan 20, 2026
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business... Critical Unreviewed
CVE-2025-61546 was published Jan 8, 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling Critical
CVE-2026-21858 was published for n8n (npm) Jan 7, 2026
dorattias Credited to dorattias
Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests Critical
CVE-2025-12543 was published for io.undertow:undertow-core (Maven) Jan 7, 2026
aldexis Credited to aldexis and dpogorelov dpogorelov dpogorelov
Telenium Online Web Application is vulnerable due to a Perl script that is called to load the... Critical Unreviewed
CVE-2025-8769 was published Dec 24, 2025
Weblate is vulnerable to RCE through Git config file overwrite Critical
CVE-2025-68398 was published for Weblate (pip) Dec 18, 2025
secjson Credited to secjson and nijel nijel nijel
Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will... Critical Unreviewed
CVE-2025-20393 was published Dec 17, 2025
The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2025-14156 was published Dec 15, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input... Critical Unreviewed
CVE-2025-61809 was published Dec 10, 2025
Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica... Critical Unreviewed
CVE-2025-66259 was published Nov 26, 2025
The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code... Critical Unreviewed
CVE-2025-63213 was published Nov 19, 2025
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no... Critical Unreviewed
CVE-2025-10460 was published Nov 17, 2025
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the... Critical Unreviewed
CVE-2025-64385 was published Oct 31, 2025
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web... Critical Unreviewed
CVE-2024-30110 was published Oct 30, 2025
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public... Critical Unreviewed
CVE-2025-61235 was published Oct 28, 2025
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload... Critical Unreviewed
CVE-2025-27224 was published Oct 27, 2025
Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19... Critical Unreviewed
CVE-2025-12275 was published Oct 26, 2025
Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Critical Unreviewed
CVE-2025-12285 was published Oct 26, 2025
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed
CVE-2025-12001 was published Oct 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database