Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

199 advisories

Loading
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user... Moderate Unreviewed
CVE-2023-4194 was published Aug 7, 2023
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users... Moderate Unreviewed
CVE-2024-0387 was published Feb 26, 2024
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions Moderate
CVE-2024-26267 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection High
CVE-2026-31975 was published for @siteboon/claude-code-ui (npm) Mar 11, 2026
Ethan-Yang-opcia Credited to Ethan-Yang-opcia, DhiyaneshGeek, and neo-ai-engineer DhiyaneshGeek DhiyaneshGeek
neo-ai-engineer neo-ai-engineer
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of... Critical Unreviewed
CVE-2026-28775 was published Mar 4, 2026
Microsoft ACI Confidential Containers Information Disclosure Vulnerability Moderate Unreviewed
CVE-2026-26122 was published Mar 6, 2026
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers... High Unreviewed
CVE-2018-25193 was published Mar 6, 2026
AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the... High Unreviewed
CVE-2018-25169 was published Mar 6, 2026
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise Critical
CVE-2026-26190 was published for github.com/milvus-io/milvus (Go) Feb 11, 2026
0x1f Credited to 0x1f
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default... Critical Unreviewed
CVE-2025-70998 was published Feb 18, 2026
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of... Moderate Unreviewed
CVE-2026-2617 was published Feb 17, 2026
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default High
CVE-2025-66416 was published for mcp (pip) Dec 2, 2025
JLLeitschuh Credited to JLLeitschuh
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default High
CVE-2025-66414 was published for @modelcontextprotocol/sdk (npm) Dec 2, 2025
JLLeitschuh Credited to JLLeitschuh
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration Critical
CVE-2026-25894 was published for fuxa-server (npm) Feb 5, 2026
wodzen Credited to wodzen
FUXA contains an insecure default configuration vulnerability High
CVE-2025-69970 was published for fuxa-server (npm) Feb 3, 2026
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all... Moderate Unreviewed
CVE-2026-1675 was published Feb 7, 2026
terraform-provider-proxmox has insecure sudo recommendation in the documentation High
CVE-2026-25499 was published for github.com/bpg/terraform-provider-proxmox (Go) Feb 2, 2026
lucasmaurice Credited to lucasmaurice
Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer Critical
CVE-2025-62877 was published for github.com/harvester/harvester-installer (Go) Jan 5, 2026
Misskey has a login rate limit bypass via spoofed X-Forwarded-For header Moderate
CVE-2025-66482 was published for misskey-js (npm) Dec 15, 2025
BoBeR182 Credited to BoBeR182 and saschanaz saschanaz saschanaz
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin... Critical Unreviewed
CVE-2025-56332 was published Dec 30, 2025
Incorrect configuration of replication security in the MariaDB component of the infra-operator in... Moderate Unreviewed
CVE-2025-14758 was published Dec 16, 2025
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and... Moderate Unreviewed
CVE-2025-64781 was published Dec 12, 2025
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a... High Unreviewed
CVE-2025-48621 was published Dec 8, 2025
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become... High Unreviewed
CVE-2025-48629 was published Dec 8, 2025
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers... Moderate Unreviewed
CVE-2025-52622 was published Dec 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database