Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

3,919 advisories

Loading
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be... Moderate Unreviewed
CVE-2025-13918 was published Jan 28, 2026
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password... High Unreviewed
CVE-2025-14975 was published Jan 29, 2026
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL. High Unreviewed
CVE-2025-13176 was published Jan 30, 2026
Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access... Moderate Unreviewed
CVE-2025-6723 was published Jan 30, 2026
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset... Critical Unreviewed
CVE-2025-15030 was published Feb 2, 2026
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component... High Unreviewed
CVE-2025-69875 was published Feb 3, 2026
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all... Critical Unreviewed
CVE-2025-15027 was published Feb 8, 2026
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all... High Unreviewed
CVE-2025-15100 was published Feb 8, 2026
Craft CMS: GraphQL Asset Mutation Privilege Escalation High
CVE-2026-25497 was published for craftcms/cms (Composer) Feb 9, 2026
vitalysim
Credited to vitalysim
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate... High Unreviewed
CVE-2026-21533 was published Feb 10, 2026
Leaky JWTs in OpenMetadata exposing highly-privileged bot users High
CVE-2026-26010 was published for org.open-metadata:openmetadata-sdk (Maven) Feb 11, 2026
amfor
Credited to amfor
Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17... High Unreviewed
CVE-2024-50619 was published Feb 12, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2025-46310 was published Feb 12, 2026
FrankenPHP leaks session data between requests in worker mode High
CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026
xavierleune dunglas
Credited to xavierleune and dunglas
Child processes spawned by Renovate incorrectly have full access to environment variables Moderate
GHSA-8wc6-vgrq-x6cf was published for renovate (npm) Feb 13, 2026
viceice
Credited to viceice
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all... High Unreviewed
CVE-2026-2144 was published Feb 14, 2026
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less... Critical Unreviewed
CVE-2025-8572 was published Feb 14, 2026
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege... High Unreviewed
CVE-2026-1750 was published Feb 15, 2026
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to... Critical Unreviewed
CVE-2026-26369 was published Feb 15, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database