GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,011 advisories
Child processes spawned by Renovate incorrectly have full access to environment variables
Moderate | GHSA-8wc6-vgrq-x6cf was published for renovate (npm) Feb 13, 2026

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows...
Moderate | Unreviewed | CVE-2020-0919 was published May 24, 2022

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia...
Moderate | Unreviewed | CVE-2025-46310 was published Feb 12, 2026

The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.
Moderate | Unreviewed | CVE-2016-11003 was published May 24, 2022

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an...
Moderate | Unreviewed | CVE-2024-2433 was published Mar 13, 2024

Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access...
Moderate | Unreviewed | CVE-2025-6723 was published Jan 30, 2026

Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be...
Moderate | Unreviewed | CVE-2025-13918 was published Jan 28, 2026

Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Moderate | Unreviewed | CVE-2023-23427 was published Dec 29, 2023

Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Moderate | Unreviewed | CVE-2023-23429 was published Dec 29, 2023

Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims
Moderate | CVE-2026-23990 was published for github.com/controlplaneio-fluxcd/flux-operator (Go) Jan 21, 2026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate | Unreviewed | CVE-2026-21963 was published Jan 21, 2026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate | Unreviewed | CVE-2026-21981 was published Jan 21, 2026

A potential security vulnerability has been identified in the HP Support Assistant, which allows...
Moderate | Unreviewed | CVE-2025-43019 was published Jul 8, 2025

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates...
Moderate | Unreviewed | CVE-2026-21223 was published Jan 17, 2026

A potential security vulnerability has been identified in the HP Support Assistant for versions...
Moderate | Unreviewed | CVE-2025-10578 was published Oct 1, 2025

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation...
Moderate | Unreviewed | CVE-2024-30150 was published Feb 26, 2025

There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products....
Moderate | Unreviewed | CVE-2025-66315 was published Jan 9, 2026

RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting
Moderate | CVE-2026-22043 was published for rustfs (Rust) Jan 8, 2026

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control...
Moderate | Unreviewed | CVE-2025-52599 was published Dec 26, 2025

Apache StreamPipes has Improper Privilege Management issue
Moderate | CVE-2025-47411 was published for org.apache.streampipes:streampipes-parent (Maven) Jan 1, 2026

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper...
Moderate | Unreviewed | CVE-2025-66173 was published Dec 19, 2025

The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode...
Moderate | Unreviewed | CVE-2025-14817 was published Dec 17, 2025

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows...
Moderate | Unreviewed | CVE-2025-12381 was published Dec 9, 2025

Snipe-IT is vulnerable to stored cross-site scripting
Moderate | CVE-2025-65621 was published for snipe/snipe-it (Composer) Dec 1, 2025

A local privilege escalation vulnerability exists in the InstallationHelper service included with...
Moderate | Unreviewed | CVE-2025-55076 was published Dec 3, 2025

ProTip! Advisories are also available from the GraphQL API