GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
158,245 advisories
Vulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion ...
Moderate | Unreviewed | CVE-2026-21922 was published Jan 21, 2026

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:...
Moderate | Unreviewed | CVE-2026-21934 was published Jan 21, 2026

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported...
Moderate | Unreviewed | CVE-2026-21936 was published Jan 21, 2026

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX (component:...
Moderate | Unreviewed | CVE-2026-21931 was published Jan 21, 2026

Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences...
Moderate | Unreviewed | CVE-2026-21923 was published Jan 21, 2026

The poplib module, when passed a user-controlled command, can have additional commands injected...
Moderate | Unreviewed | CVE-2025-15367 was published Jan 21, 2026

Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in ...
Moderate | Unreviewed | CVE-2025-58744 was published Jan 21, 2026

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). ...
Moderate | Unreviewed | CVE-2026-21941 was published Jan 21, 2026

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Scripting...
Moderate | Unreviewed | CVE-2026-21943 was published Jan 21, 2026

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). ...
Moderate | Unreviewed | CVE-2026-21942 was published Jan 21, 2026

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass...
Moderate | Unreviewed | CVE-2026-21636 was published Jan 20, 2026

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a...
Moderate | Unreviewed | CVE-2026-21637 was published Jan 20, 2026

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded"...
Moderate | Unreviewed | CVE-2025-59466 was published Jan 20, 2026

A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields...
Moderate | Unreviewed | CVE-2025-59464 was published Jan 20, 2026

HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the...
Moderate | Unreviewed | CVE-2026-21663 was published Jan 20, 2026

HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS...
Moderate | Unreviewed | CVE-2026-21664 was published Jan 20, 2026

HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the ...
Moderate | Unreviewed | CVE-2026-21642 was published Jan 20, 2026

Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable...
Moderate | Unreviewed | CVE-2026-0622 was published Jan 20, 2026

binary-parser library has a code injection vulnerability
Moderate | CVE-2026-1245 was published for binary-parser (npm) Jan 20, 2026

Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability
Moderate | CVE-2026-22808 was published for github.com/fleetdm/fleet (Go) Jan 20, 2026

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does...
Moderate | Unreviewed | CVE-2025-36115 was published Jan 20, 2026

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12...
Moderate | Unreviewed | CVE-2025-36063 was published Jan 20, 2026

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12...
Moderate | Unreviewed | CVE-2025-36065 was published Jan 20, 2026

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through...
Moderate | Unreviewed | CVE-2025-36059 was published Jan 20, 2026

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.1-jira9, 4.24.1...
Moderate | Unreviewed | CVE-2025-67824 was published Jan 20, 2026
ProTip! Advisories are also available from the GraphQL API.