GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,883
Maven: 5,000+
npm: 4,522
NuGet: 785
pip: 4,262
Pub: 12
RubyGems: 975
Rust: 1,105
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
28,384 advisories
SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal...
Critical, Unreviewed. CVE-2026-25069 was published on Feb 1, 2026.

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows...
Critical, Unreviewed. CVE-2020-37052 was published on Jan 31, 2026.

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated...
Critical, Unreviewed. CVE-2020-37027 was published on Jan 31, 2026.

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to...
Critical, Unreviewed. CVE-2025-51958 was published on Jan 30, 2026.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical, Unreviewed. CVE-2026-1723 was published on Jan 30, 2026.

It was identified that under certain specific preconditions, an API key that was originally...
Critical, Unreviewed. CVE-2024-37282 was published on Jan 30, 2026.

Orval has Code Injection via unsanitized x-enum-descriptions using JS comments
Critical. CVE-2026-25141 was published for @orval/core (npm) on Jan 30, 2026.

CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection
Critical. CVE-2026-25130 was published for cai-framework (pip) on Jan 30, 2026.

After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network...
Critical, Unreviewed. CVE-2025-7964 was published on Jan 30, 2026.

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements...
Critical, Unreviewed. CVE-2025-26385 was published on Jan 30, 2026.

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview...
Critical, Unreviewed. CVE-2026-1699 was published on Jan 30, 2026.

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty...
Critical, Unreviewed. CVE-2026-0963 was published on Jan 30, 2026.

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint...
Critical, Unreviewed. CVE-2026-24728 was published on Jan 30, 2026.

An unrestricted upload of file with dangerous type vulnerability in the file upload function of...
Critical, Unreviewed. CVE-2026-24729 was published on Jan 30, 2026.

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical, Unreviewed. CVE-2026-1340 was published on Jan 30, 2026.

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical, Unreviewed. CVE-2026-1281 was published on Jan 30, 2026.

deepHas vulnerable to Prototype Pollution via constructor.prototype
Critical. CVE-2026-25047 was published for deephas (npm) on Jan 29, 2026.

A missing authentication for critical function vulnerability in KiloView Encoder Series could...
Critical, Unreviewed. CVE-2026-1453 was published on Jan 29, 2026.

Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)
Critical. GHSA-vg9h-jx4v-cwx2 was published for dfir-unfurl (pip) on Jan 29, 2026.

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated...
Critical, Unreviewed. CVE-2020-37012 was published on Jan 29, 2026.

SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
Critical. GHSA-c4jr-5q7w-f6r9 was published for github.com/siyuan-note/siyuan/kernel (Go) on Jan 29, 2026.

DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Critical. CVE-2026-24838 was published for DotNetNuke.Core (NuGet) on Jan 28, 2026.

A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application...
Critical, Unreviewed. CVE-2025-69602 was published on Jan 28, 2026.

Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly...
Critical, Unreviewed. CVE-2025-58210 was published on Jan 28, 2026.

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload...
Critical, Unreviewed. CVE-2025-57794 was published on Jan 28, 2026.
ProTip! Advisories are also available from the GraphQL API.