Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,562
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,807
Pub
13
RubyGems
1,038
Rust
1,238
Swift
53
Unreviewed advisories
All unreviewed
5,000+

432 advisories

Loading
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS... High Unreviewed
CVE-2026-20667 was published Feb 12, 2026
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4,... High Unreviewed
CVE-2025-46290 was published Feb 12, 2026
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a... High Unreviewed
CVE-2026-21510 was published Feb 10, 2026
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a... High Unreviewed
CVE-2026-21513 was published Feb 10, 2026
n8n has a Python sandbox escape Critical
CVE-2026-25115 was published for n8n (npm) Feb 4, 2026
MarcoPoloPie Credited to MarcoPoloPie and c0rydoras c0rydoras c0rydoras
n8n Merge Node has Arbitrary File Write leading to RCE Critical
CVE-2026-25056 was published for n8n (npm) Feb 4, 2026
nlgbao1340 Credited to nlgbao1340
When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP... Moderate Unreviewed
CVE-2026-0620 was published Feb 3, 2026
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for... Moderate Unreviewed
CVE-2026-1232 was published Feb 2, 2026
TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF) Moderate
GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) Jan 28, 2026
nnfrog Credited to nnfrog
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability... High Unreviewed
CVE-2025-40536 was published Jan 28, 2026
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor Critical
CVE-2026-23830 was published for @nyariv/sandboxjs (npm) Jan 27, 2026
nyxsorcerer Credited to nyxsorcerer
Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox <... High Unreviewed
CVE-2026-24868 was published Jan 27, 2026
vm2 has a Sandbox Escape Critical
CVE-2026-22709 was published for vm2 (npm) Jan 26, 2026
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of... Low Unreviewed
CVE-2025-55249 was published Jan 19, 2026
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to... Moderate Unreviewed
CVE-2026-20824 was published Jan 13, 2026
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147,... High Unreviewed
CVE-2026-0877 was published Jan 13, 2026
pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default" High
CVE-2025-69264 was published for pnpm (npm) Jan 7, 2026
orenyomtov Credited to orenyomtov
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip... Moderate Unreviewed
CVE-2025-15422 was published Jan 2, 2026
Picklescan Bypasses Unsafe Globals Check using pty.spawn High
GHSA-hgrh-qx5j-jfwx was published for picklescan (pip) Dec 29, 2025
yarienkiva Credited to yarienkiva
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node Critical
CVE-2025-68668 was published for n8n (npm) Dec 26, 2025
berkdedekarginoglu Credited to berkdedekarginoglu, VladimirEliTokarev, Ofekitach, and nnfrog VladimirEliTokarev VladimirEliTokarev
Ofekitach Ofekitach nnfrog nnfrog
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal ... Moderate Unreviewed
CVE-2025-59849 was published Dec 17, 2025
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An... High Unreviewed
CVE-2025-46291 was published Dec 17, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app... High Unreviewed
CVE-2025-46281 was published Dec 17, 2025
Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost... Low Unreviewed
CVE-2025-13326 was published Dec 17, 2025
Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd.... High Unreviewed
CVE-2025-14304 was published Dec 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database