GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
444 advisories
File Browser Signup Grants Admin When Default Permissions Include Admin
Critical | CVE-2026-32760 was published for github.com/filebrowser/filebrowser/v2 (Go) | Mar 16, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21667 was published | Mar 12, 2026

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on...
Critical | Unreviewed | CVE-2026-21666 was published | Mar 12, 2026

Winter vulnerable to privilege escalation by authenticated backend users
Critical | CVE-2026-27591 was published for winter/wn-backend-module (Composer) | Mar 12, 2026

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0...
Critical | Unreviewed | CVE-2025-66956 was published | Mar 11, 2026

Parse Server has role escalation and CLP bypass via direct `_Join` table write
Critical | CVE-2026-30966 was published for parse-server (npm) | Mar 11, 2026

WeKnora Vulnerable to Broken Access Control in Tenant Management
Critical | CVE-2026-30855 was published for github.com/Tencent/WeKnora (Go) | Mar 6, 2026

File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
Critical | CVE-2026-29188 was published for github.com/filebrowser/filebrowser/v2 (Go) | Mar 4, 2026

Rancher cloud credentials can be used through proxy API by users without access
Critical | CVE-2021-25320 was published for github.com/rancher/rancher (Go) | Mar 3, 2026

Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148 and...
Critical | Unreviewed | CVE-2026-2768 was published | Feb 24, 2026

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests...
Critical | Unreviewed | CVE-2026-21627 was published | Feb 20, 2026

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker...
Critical | Unreviewed | CVE-2025-69634 was published | Feb 12, 2026

Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft...
Critical | Unreviewed | CVE-2025-8025 was published | Feb 11, 2026

Azure Front Door Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2026-24300 was published | Feb 6, 2026

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the...
Critical | Unreviewed | CVE-2025-68721 was published | Feb 5, 2026

Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with...
Critical | Unreviewed | CVE-2025-70982 was published | Jan 26, 2026

Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with...
Critical | Unreviewed | CVE-2025-70983 was published | Jan 23, 2026

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to...
Critical | Unreviewed | CVE-2025-70985 was published | Jan 23, 2026

Improper access control in Azure Resource Manager allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24304 was published | Jan 23, 2026

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2026-24306 was published | Jan 23, 2026

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle...
Critical | Unreviewed | CVE-2026-21962 was published | Jan 21, 2026

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing...
Critical | Unreviewed | CVE-2026-1181 was published | Jan 19, 2026

Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
Critical | Unreviewed | CVE-2026-0881 was published | Jan 13, 2026

Bypassing Kyverno Policies via Double Policy Exceptions
Critical | GHSA-gg4x-fgg2-h9w9 was published for github.com/kyverno/kyverno (Go) | Jan 6, 2026

Ollama Platform has missing authentication enabling attackers to perform model management operations
Critical | CVE-2025-63389 was published for github.com/ollama/ollama (Go) | Dec 18, 2025