GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 43
Go: 3,181
Maven: 5,000+
npm: 5,000+
NuGet: 863
pip: 4,474
Pub: 12
RubyGems: 991
Rust: 1,185
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
111,274 advisories
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged...
High | Unreviewed | CVE-2025-15587 was published Mar 16, 2026

"Functions" module in Raytha CMS allows privileged users to write custom code to add...
High | Unreviewed | CVE-2025-15540 was published Mar 16, 2026

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker...
High | Unreviewed | CVE-2025-69240 was published Mar 16, 2026

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection...
High | Unreviewed | CVE-2015-20120 was published Mar 16, 2026

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow...
High | Unreviewed | CVE-2015-20121 was published Mar 16, 2026

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows...
High | Unreviewed | CVE-2016-20034 was published Mar 16, 2026

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows...
High | Unreviewed | CVE-2016-20033 was published Mar 16, 2026

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that...
High | Unreviewed | CVE-2016-20025 was published Mar 16, 2026

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several...
High | Unreviewed | CVE-2013-20006 was published Mar 16, 2026

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is...
High | Unreviewed | CVE-2026-3045 was published Mar 13, 2026

Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not...
High | Unreviewed | CVE-2026-3873 was published Mar 13, 2026

A broken access control may allow an authenticated user to perform a horizontal privilege...
High | Unreviewed | CVE-2026-3999 was published Mar 13, 2026

A flaw was identified in the RAR5 archive decompression logic of the libarchive library,...
High | Unreviewed | CVE-2026-4111 was published Mar 13, 2026

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote...
High | Unreviewed | CVE-2026-3910 was published Mar 13, 2026

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to...
High | Unreviewed | CVE-2026-3909 was published Mar 13, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-32459 was published Mar 13, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-32458 was published Mar 13, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-32422 was published Mar 13, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2026-32426 was published Mar 13, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-32433 was published Mar 13, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo...
High | Unreviewed | CVE-2026-32414 was published Mar 13, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-32418 was published Mar 13, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2026-32399 was published Mar 13, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2026-32400 was published Mar 13, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2026-32392 was published Mar 13, 2026
ProTip! Advisories are also available from the GraphQL API