GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,980
Maven
5,000+
npm
4,634
NuGet
788
pip
4,321
Pub
12
RubyGems
986
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+
118,888 advisories
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass...
High
Unreviewed
CVE-2019-25347
was published
Feb 12, 2026
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass...
High
Unreviewed
CVE-2019-25346
was published
Feb 12, 2026
Computrols CBAS-Web 19.0.0 contains a boolean-based blind SQL injection vulnerability in the 'id'...
High
Unreviewed
CVE-2019-25348
was published
Feb 12, 2026
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3...
High
Unreviewed
CVE-2025-67432
was published
Feb 12, 2026
Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable...
High
Unreviewed
CVE-2025-52533
was published
Feb 12, 2026
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege...
High
Unreviewed
CVE-2025-54519
was published
Feb 12, 2026
Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed...
High
Unreviewed
CVE-2023-31323
was published
Feb 12, 2026
p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated...
High
Unreviewed
CVE-2025-69807
was published
Feb 12, 2026
An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute...
High
Unreviewed
CVE-2025-63421
was published
Feb 12, 2026
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0...
High
Unreviewed
CVE-2025-54756
was published
Feb 12, 2026
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via...
High
Unreviewed
CVE-2025-61879
was published
Feb 12, 2026
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
High
Unreviewed
CVE-2025-61880
was published
Feb 12, 2026
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a...
High
Unreviewed
CVE-2025-70886
was published
Feb 12, 2026
CediPay Affected by Improper Input Validation in Payment Processing
High
CVE-2026-26063
was published
for
cedipay-core
(npm)
Feb 12, 2026
Traefik: TCP readTimeout bypass via STARTTLS on Postgres
High
CVE-2026-25949
was published
for
github.com/traefik/traefik/v3
(Go)
Feb 12, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2025-13002
was published
Feb 12, 2026
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a...
High
Unreviewed
CVE-2023-31313
was published
Feb 12, 2026
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2026-1104
was published
Feb 12, 2026
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary...
High
Unreviewed
CVE-2026-2005
was published
Feb 12, 2026
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via...
High
Unreviewed
CVE-2026-2007
was published
Feb 12, 2026
Missing validation of multibyte character length in PostgreSQL text manipulation allows a...
High
Unreviewed
CVE-2026-2006
was published
Feb 12, 2026
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator...
High
Unreviewed
CVE-2026-2004
was published
Feb 12, 2026
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2026-1320
was published
Feb 12, 2026
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site...
High
Unreviewed
CVE-2026-1316
was published
Feb 12, 2026
FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP
High
CVE-2026-24895
was published
for
github.com/dunglas/frankenphp
(Go)
Feb 12, 2026
ProTip! Advisories are also available from the GraphQL API