GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
287 advisories

The CGM CLININET application respond without essential security HTTP headers, exposing users to...
Moderate | Unreviewed | CVE-2025-58406 was published on Mar 2, 2026

n8n has a Guardrail Node Bypass
Moderate | GHSA-fvfv-ppw4-7h2w was published for n8n (npm) on Feb 26, 2026

Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148,...
Critical | Unreviewed | CVE-2026-2761 was published on Feb 24, 2026

A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS...
High | Unreviewed | CVE-2026-20667 was published on Feb 12, 2026

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4,...
High | Unreviewed | CVE-2025-46290 was published on Feb 12, 2026

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a...
High | Unreviewed | CVE-2026-21513 was published on Feb 10, 2026

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a...
High | Unreviewed | CVE-2026-21510 was published on Feb 10, 2026

n8n Merge Node has Arbitrary File Write leading to RCE
Critical | CVE-2026-25056 was published for n8n (npm) on Feb 4, 2026

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP...
Moderate | Unreviewed | CVE-2026-0620 was published on Feb 3, 2026

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for...
Moderate | Unreviewed | CVE-2026-1232 was published on Feb 2, 2026

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF)
Moderate | GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) on Jan 28, 2026

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability...
High | Unreviewed | CVE-2025-40536 was published on Jan 28, 2026

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical | CVE-2026-23830 was published for @nyariv/sandboxjs (npm) on Jan 27, 2026

Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox <...
High | Unreviewed | CVE-2026-24868 was published on Jan 27, 2026

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of...
Low | Unreviewed | CVE-2025-55249 was published on Jan 19, 2026

Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to...
Moderate | Unreviewed | CVE-2026-20824 was published on Jan 13, 2026

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147,...
High | Unreviewed | CVE-2026-0877 was published on Jan 13, 2026

pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"
High | CVE-2025-69264 was published for pnpm (npm) on Jan 7, 2026

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip...
Moderate | Unreviewed | CVE-2025-15422 was published on Jan 2, 2026

Picklescan Bypasses Unsafe Globals Check using pty.spawn
High | GHSA-hgrh-qx5j-jfwx was published for picklescan (pip) on Dec 29, 2025

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Critical | CVE-2025-68668 was published for n8n (npm) on Dec 26, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app...
High | Unreviewed | CVE-2025-46281 was published on Dec 17, 2025

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal ...
Moderate | Unreviewed | CVE-2025-59849 was published on Dec 17, 2025

ProTip! Advisories are also available from the GraphQL API.