GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
11,890 advisories

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
High | Unreviewed | CVE-2026-21247 was published Feb 10, 2026

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0...
High | Unreviewed | CVE-2025-22453 was published Feb 10, 2026

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0...
High | Unreviewed | CVE-2025-25210 was published Feb 10, 2026

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint
High | CVE-2026-25892 was published for vrana/adminer (Composer) Feb 10, 2026

Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Moderate | CVE-2026-25480 was published for litestar (pip) Feb 9, 2026

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an...
Moderate | Unreviewed | CVE-2026-2113 was published Feb 7, 2026

Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
High | CVE-2026-25723 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026

Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
High | CVE-2026-25722 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026

[actix-files] Panic triggered by empty Range header in GET request for static file
Moderate | GHSA-gcqf-3g44-vc9p was published for actix-files (Rust) Feb 6, 2026

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth...
High | Unreviewed | CVE-2025-15566 was published Feb 6, 2026

A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.
Moderate | Unreviewed | CVE-2025-12131 was published Feb 5, 2026

n8n's domain allowlist bypass enables credential exfiltration
Moderate | CVE-2026-25631 was published for n8n (npm) Feb 4, 2026

OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply
High | CVE-2026-25593 was published for openclaw (npm) Feb 4, 2026

n8n Vulnerable to Command Injection in Community Package Installation
Critical | CVE-2026-21893 was published for n8n (npm) Feb 4, 2026

ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx
High | CVE-2026-1580 was published for k8s.io/ingress-nginx (Go) Feb 4, 2026

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx
High | CVE-2026-24512 was published for k8s.io/ingress-nginx (Go) Feb 4, 2026

A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web...
Moderate | Unreviewed | CVE-2026-22220 was published Feb 3, 2026

FacturaScripts has SQL Injection in Autocomplete Actions
High | CVE-2026-25514 was published for facturascripts/facturascripts (Composer) Feb 3, 2026

FacturaScripts has SQL Injection in API ORDER BY Clause
High | CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026

When a specific function is enabled while joining a AD Domain from ADM, an improper input...
Critical | Unreviewed | CVE-2026-24936 was published Feb 3, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low | Unreviewed | CVE-2025-67484 was published Feb 3, 2026

Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from *...
Low | Unreviewed | CVE-2025-61652 was published Feb 3, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low | Unreviewed | CVE-2025-67480 was published Feb 3, 2026

jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
High | CVE-2026-24133 was published for jspdf (npm) Feb 2, 2026

jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)
Moderate | CVE-2026-24043 was published for jspdf (npm) Feb 2, 2026

ProTip! Advisories are also available from the GraphQL API.