GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 984
Rust: 1,131
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
2,458 advisories
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege...
High | Unreviewed | CVE-2026-1750 was published Feb 15, 2026

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all...
High | Unreviewed | CVE-2026-2144 was published Feb 14, 2026

FrankenPHP leaks session data between requests in worker mode
High | CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17...
High | Unreviewed | CVE-2024-50619 was published Feb 12, 2026

Leaky JWTs in OpenMetadata exposing highly-privileged bot users
High | CVE-2026-26010 was published for org.open-metadata:openmetadata-sdk (Maven) Feb 11, 2026

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate...
High | Unreviewed | CVE-2026-21533 was published Feb 10, 2026

Craft CMS: GraphQL Asset Mutation Privilege Escalation
High | CVE-2026-25497 was published for craftcms/cms (Composer) Feb 9, 2026

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all...
High | Unreviewed | CVE-2025-15100 was published Feb 8, 2026

A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component...
High | Unreviewed | CVE-2025-69875 was published Feb 3, 2026

Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.
High | Unreviewed | CVE-2025-13176 was published Jan 30, 2026

The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password...
High | Unreviewed | CVE-2025-14975 was published Jan 29, 2026

WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is...
High | Unreviewed | CVE-2025-13917 was published Jan 28, 2026

A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System...
High | Unreviewed | CVE-2025-59094 was published Jan 26, 2026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2026-21957 was published Jan 21, 2026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2026-21983 was published Jan 21, 2026

A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a...
High | Unreviewed | CVE-2025-67246 was published Jan 15, 2026

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray...
High | Unreviewed | CVE-2025-36640 was published Jan 13, 2026

The absence of permissions control for the user XXX allows the current configuration in the...
High | Unreviewed | CVE-2026-22536 was published Jan 7, 2026

theshit vulnerable to unsafe loading of user-owned Python rules when running as root
High | CVE-2025-69257 was published for theshit (Rust) Dec 30, 2025

Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
High | CVE-2025-68697 was published for n8n (npm) Dec 26, 2025

An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE)...
High | Unreviewed | CVE-2025-67826 was published Dec 22, 2025

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to...
High | Unreviewed | CVE-2023-53908 was published Dec 18, 2025

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1...
High | Unreviewed | CVE-2025-67792 was published Dec 17, 2025

An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to...
High | Unreviewed | CVE-2025-14252 was published Dec 16, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3,...
High | Unreviewed | CVE-2025-43512 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API