GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
11,890 advisories
Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana...
Moderate | Unreviewed | CVE-2026-26935 was published | Feb 26, 2026

TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
High | CVE-2026-27818 was published for terriajs-server (npm) | Feb 26, 2026

Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)
Critical | CVE-2026-27702 was published for budibase (npm) | Feb 25, 2026

Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport
High | CVE-2026-27590 was published for github.com/caddyserver/caddy/v2 (Go) | Feb 24, 2026

Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections
Moderate | CVE-2026-27585 was published for github.com/caddyserver/caddy/v2 (Go) | Feb 24, 2026

A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor...
Moderate | Unreviewed | CVE-2025-14963 was published | Feb 24, 2026

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could...
Moderate | Unreviewed | CVE-2026-22568 was published | Feb 23, 2026

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated...
High | Unreviewed | CVE-2026-22567 was published | Feb 23, 2026

datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache
Low | CVE-2026-2970 was published for datapizza-ai-core (pip) | Feb 23, 2026

funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function
Low | CVE-2026-2898 was published for funadmin/funadmin (Composer) | Feb 22, 2026

The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor...
Moderate | Unreviewed | CVE-2025-13587 was published | Feb 19, 2026

Go Ethereum affected by DoS via malicious p2p message
High | CVE-2026-26314 was published for github.com/ethereum/go-ethereum (Go) | Feb 18, 2026

Apache Tomcat - Client certificate verification bypass
Moderate | CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Feb 17, 2026

Apache Tomcat - Security constraint bypass with HTTP/0.9
Low | CVE-2026-24733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Feb 17, 2026

Apache Tomcat has an Improper Input Validation vulnerability
High | CVE-2026-24734 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Feb 17, 2026

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function...
Low | Unreviewed | CVE-2026-2555 was published | Feb 16, 2026

Bug fixes in hpke-rs, hpke-rs-rust-crypto
Moderate | GHSA-g433-pq76-6cmf was published for hpke-rs (Rust) | Feb 13, 2026

An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows...
High | Unreviewed | CVE-2025-70123 was published | Feb 13, 2026

Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq`
Low | GHSA-435g-fcv3-8j26 was published for libcrux-ecdh (Rust) | Feb 12, 2026

CediPay Affected by Improper Input Validation in Payment Processing
High | CVE-2026-26063 was published for cedipay-core (npm) | Feb 12, 2026

qs's arrayLimit bypass in comma parsing allows denial of service
Low | CVE-2026-2391 was published for qs (npm) | Feb 12, 2026

FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP
High | CVE-2026-24895 was published for github.com/dunglas/frankenphp (Go) | Feb 12, 2026

An issue existed in the handling of environment variables. This issue was addressed with improved...
Moderate | Unreviewed | CVE-2026-20627 was published | Feb 12, 2026

Improper input validation in Power BI allows an authorized attacker to execute code over a network.
High | Unreviewed | CVE-2026-21229 was published | Feb 10, 2026

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose...
Moderate | Unreviewed | CVE-2026-21258 was published | Feb 10, 2026
ProTip! Advisories are also available from the GraphQL API