GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 47
GitHub Actions: 48
Go: 3,378
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,573
Pub: 13
RubyGems: 1,013
Rust: 1,205
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
10,344 advisories
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event...
Moderate · Unreviewed · CVE-2025-9907 was published Feb 27, 2026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc....
Moderate · Unreviewed · CVE-2026-24498 was published Feb 27, 2026

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
High · CVE-2026-27465 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026

Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Moderate · CVE-2026-27457 was published for weblate (pip) Feb 26, 2026

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an...
High · Unreviewed · CVE-2026-2244 was published Feb 26, 2026

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker...
Moderate · Unreviewed · CVE-2026-20133 was published Feb 25, 2026

FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
High · CVE-2026-27611 was published for github.com/gtsteffaniak/filebrowser/backend (Go) Feb 25, 2026

Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0...
Moderate · Unreviewed · CVE-2026-3131 was published Feb 24, 2026

Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This...
High · Unreviewed · CVE-2026-2783 was published Feb 24, 2026

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability...
High · Unreviewed · CVE-2026-2803 was published Feb 24, 2026

Apache Superset allows authenticated users to view sensitive data without explicit permissions
Low · CVE-2026-23983 was published for apache-superset (pip) Feb 24, 2026

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections
High · CVE-2026-23984 was published for apache-superset (pip) Feb 24, 2026

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability...
Moderate · Unreviewed · CVE-2026-2975 was published Feb 23, 2026

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the...
Moderate · Unreviewed · CVE-2026-2976 was published Feb 23, 2026

funadmin exposes sensitive information via getMember function
Moderate · CVE-2026-2894 was published for funadmin/funadmin (Composer) Feb 22, 2026

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function...
Moderate · Unreviewed · CVE-2026-2861 was published Feb 21, 2026

Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure,...
Moderate · Unreviewed · CVE-2026-2832 was published Feb 20, 2026

Feathers exposes internal headers via unencrypted session cookie
High · CVE-2026-27193 was published for @feathersjs/authentication-oauth (npm) Feb 19, 2026

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information...
Moderate · Unreviewed · CVE-2025-13113 was published Feb 19, 2026

Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
High · CVE-2026-1669 was published for keras (pip) Feb 18, 2026

uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120
Low · CVE-2026-26995 was published for github.com/refraction-networking/utls (Go) Feb 18, 2026

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who...
Moderate · Unreviewed · CVE-2026-20141 was published Feb 18, 2026

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud...
Low · Unreviewed · CVE-2026-20137 was published Feb 18, 2026

Jenkins has a build information disclosure vulnerability through Run Parameter
Moderate · CVE-2026-27100 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 18, 2026

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Low · Unreviewed · CVE-2026-1582 was published Feb 18, 2026
ProTip! Advisories are also available from the GraphQL API