GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,169
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
129,431 advisories
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2026-22423 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2026-22394 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2026-22412 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2026-22408 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2026-22387 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2026-22428 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2026-22405 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2026-22425 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows... [High, Unreviewed] CVE-2026-22417 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2025-69339 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2025-69090 was published Mar 5, 2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... [High, Unreviewed] CVE-2025-53335 was published Mar 5, 2026
The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... [High, Unreviewed] CVE-2026-2365 was published Mar 5, 2026
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon... [High, Unreviewed] CVE-2025-69340 was published Mar 5, 2026
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default... [High, Unreviewed] CVE-2026-26034 was published Mar 5, 2026
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path... [High, Unreviewed] CVE-2026-26033 was published Mar 5, 2026
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility... [High, Unreviewed] CVE-2026-29122 was published Mar 5, 2026
IDC SFX2100 Satellite Receivers set the `/etc/resolv.conf` file to be world-writable by any local... [High, Unreviewed] CVE-2026-29125 was published Mar 5, 2026
A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC)... [High, Unreviewed] CVE-2026-29123 was published Mar 5, 2026
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in... [High, Unreviewed] CVE-2026-29126 was published Mar 5, 2026
Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore... [High, Unreviewed] CVE-2026-29124 was published Mar 5, 2026
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility... [High, Unreviewed] CVE-2026-29121 was published Mar 5, 2026
AVideo: Unauthenticated PHP session store exposed to host network via published memcached port [High] CVE-2026-29093 was published for wwbn/avideo (Composer) Mar 5, 2026
opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass [High] CVE-2026-3125 was published for @opennextjs/cloudflare (npm) Mar 5, 2026
tar has Hardlink Path Traversal via Drive-Relative Linkpath [High] CVE-2026-29786 was published for tar (npm) Mar 5, 2026
ProTip! Advisories are also available from the GraphQL API