GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
240 advisories
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0....
Critical (Unreviewed) - CVE-2026-34877 was published Apr 2, 2026

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains...
Critical (Unreviewed) - CVE-2026-25212 was published Apr 2, 2026

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level...
Critical (Unreviewed) - CVE-2026-4606 was published Mar 23, 2026

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious...
High (Unreviewed) - CVE-2025-69783 was published Mar 16, 2026

Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation...
High (Unreviewed) - CVE-2025-12690 was published Mar 11, 2026

Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission...
Moderate (Unreviewed) - CVE-2026-3315 was published Mar 10, 2026

OliveTin's RestartAction always runs actions as guest
Moderate - CVE-2026-30225 was published for github.com/OliveTin/OliveTin (Go) Mar 5, 2026

A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local...
Moderate (Unreviewed) - CVE-2026-20017 was published Mar 4, 2026

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1,...
Moderate (Unreviewed) - CVE-2026-21424 was published Mar 4, 2026

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1,...
Moderate (Unreviewed) - CVE-2026-21421 was published Mar 4, 2026

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1,...
Moderate (Unreviewed) - CVE-2026-21426 was published Mar 4, 2026

OpenClaw has multiple E2E/test Dockerfiles that run all processes as root
High - GHSA-w7j5-j98m-w679 was published for openclaw (npm) Mar 3, 2026

theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution
High - CVE-2026-21882 was published for theshit (Rust) Mar 2, 2026

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an...
Moderate (Unreviewed) - CVE-2026-20037 was published Feb 25, 2026

OpenClaw: Docker container escape via unvalidated bind mount config injection
High - CVE-2026-27002 was published for openclaw (npm) Feb 18, 2026

Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows...
Moderate (Unreviewed) - CVE-2025-1790 was published Feb 13, 2026

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the...
High (Unreviewed) - CVE-2026-0870 was published Feb 9, 2026

IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user...
Critical (Unreviewed) - CVE-2025-13375 was published Feb 4, 2026

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive...
Moderate (Unreviewed) - CVE-2026-22549 was published Feb 4, 2026

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level...
High (Unreviewed) - CVE-2025-58383 was published Feb 3, 2026

Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated...
Moderate (Unreviewed) - CVE-2025-58379 was published Feb 3, 2026

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an...
High (Unreviewed) - CVE-2025-36184 was published Jan 31, 2026

Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin...
High (Unreviewed) - CVE-2026-1680 was published Jan 30, 2026

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through...
Moderate (Unreviewed) - CVE-2025-36059 was published Jan 20, 2026

Skipper is vulnerable to arbitrary code execution through lua filters
High - CVE-2026-23742 was published for github.com/zalando/skipper (Go) Jan 16, 2026