GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,011 advisories
Child processes spawned by Renovate incorrectly have full access to environment variables
Moderate | GHSA-8wc6-vgrq-x6cf was published for renovate (npm) Feb 13, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia...
Moderate | Unreviewed | CVE-2025-46310 was published Feb 12, 2026
Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access...
Moderate | Unreviewed | CVE-2025-6723 was published Jan 30, 2026
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be...
Moderate | Unreviewed | CVE-2025-13918 was published Jan 28, 2026
Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims
Moderate | CVE-2026-23990 was published for github.com/controlplaneio-fluxcd/flux-operator (Go) Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate | Unreviewed | CVE-2026-21963 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate | Unreviewed | CVE-2026-21981 was published Jan 21, 2026
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates...
Moderate | Unreviewed | CVE-2026-21223 was published Jan 17, 2026
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products....
Moderate | Unreviewed | CVE-2025-66315 was published Jan 9, 2026
RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting
Moderate | CVE-2026-22043 was published for rustfs (Rust) Jan 8, 2026
Apache StreamPipes has Improper Privilege Management issue
Moderate | CVE-2025-47411 was published for org.apache.streampipes:streampipes-parent (Maven) Jan 1, 2026
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control...
Moderate | Unreviewed | CVE-2025-52599 was published Dec 26, 2025
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper...
Moderate | Unreviewed | CVE-2025-66173 was published Dec 19, 2025
The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode...
Moderate | Unreviewed | CVE-2025-14817 was published Dec 17, 2025
Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows...
Moderate | Unreviewed | CVE-2025-12381 was published Dec 9, 2025
A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper...
Moderate | Unreviewed | CVE-2025-62686 was published Dec 3, 2025
A local privilege escalation vulnerability exists in the InstallationHelper service included with...
Moderate | Unreviewed | CVE-2025-55076 was published Dec 3, 2025
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-13534 was published Dec 2, 2025
Snipe-IT is vulnerable to stored cross-site scripting
Moderate | CVE-2025-65621 was published for snipe/snipe-it (Composer) Dec 1, 2025
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks...
Moderate | Unreviewed | CVE-2025-59790 was published Nov 28, 2025
CMService.exe creates the C:\\usr directory and subdirectories with insecure permissions,...
Moderate | Unreviewed | CVE-2025-66265 was published Nov 26, 2025
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute...
Moderate | Unreviewed | CVE-2025-20346 was published Nov 13, 2025
Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001...
Moderate | Unreviewed | CVE-2025-24863 was published Nov 11, 2025
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Moderate | CVE-2025-64436 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege...
Moderate | Unreviewed | CVE-2021-43768 was published Oct 24, 2025
ProTip! Advisories are also available from the GraphQL API.