Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,954
Maven
5,000+
npm
4,606
NuGet
787
pip
4,305
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

454 advisories

Loading
FUXA Unauthenticated Remote Code Execution in Node-RED Integration Critical
CVE-2026-25938 was published for fuxa-server (npm) Feb 10, 2026
wodzen
Credited to wodzen
RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers High
CVE-2026-21862 was published for rustfs (Rust) Feb 3, 2026
max-r-b enitmar
Credited to max-r-b and enitmar
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers... Moderate Unreviewed
CVE-2020-37056 was published Jan 31, 2026
Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows... Moderate Unreviewed
CVE-2026-0834 was published Jan 21, 2026
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and... Critical Unreviewed
CVE-2026-22797 was published Jan 19, 2026
A vulnerability was reported in ThinkPlus configuration software that could allow a local... High Unreviewed
CVE-2025-13455 was published Jan 15, 2026
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication... Critical Unreviewed
CVE-2025-11250 was published Jan 13, 2026
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects... Moderate Unreviewed
CVE-2026-0890 was published Jan 13, 2026
Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted... High Unreviewed
CVE-2025-62235 was published Jan 10, 2026
Shiori is vulnerable to authentication bypass via a brute force attack Moderate
CVE-2025-60538 was published for github.com/go-shiori/shiori (Go) Jan 9, 2026
n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks Moderate
CVE-2026-21894 was published for n8n (npm) Jan 7, 2026
nkoorty jjjutla
geckosecurity
Credited to nkoorty, jjjutla, and geckosecurity
Signal K Server Vulnerable to Access Request Spoofing Moderate
CVE-2025-69203 was published for signalk-server (npm) Jan 2, 2026
atsc11
Credited to atsc11
Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL... High Unreviewed
CVE-2025-68644 was published Dec 21, 2025
Microsoft Edge (Chromium-based) Spoofing Vulnerability Low Unreviewed
CVE-2025-65046 was published Dec 19, 2025
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP... High Unreviewed
CVE-2025-59385 was published Dec 16, 2025
The authentication mechanism on web interface is not properly implemented. It is possible to... Critical Unreviewed
CVE-2025-36754 was published Dec 13, 2025
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default,... High Unreviewed
CVE-2025-36753 was published Dec 13, 2025
Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This... High Unreviewed
CVE-2024-8273 was published Dec 11, 2025
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional... High Unreviewed
CVE-2025-59802 was published Dec 11, 2025
Bypass vulnerability in the authentication method in the GTT Tax Information System application,... Critical Unreviewed
CVE-2025-13953 was published Dec 10, 2025
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146. High Unreviewed
CVE-2025-14327 was published Dec 9, 2025
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers Moderate
CVE-2025-66508 was published for github.com/1Panel-dev/1Panel (Go) Dec 8, 2025
Threonine
Credited to Threonine
1Panel – CAPTCHA Bypass via Client-Controlled Flag High
CVE-2025-66507 was published for github.com/1Panel-dev/1Panel (Go) Dec 8, 2025
aliyevmursal
Credited to aliyevmursal
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets.... Moderate Unreviewed
CVE-2025-66270 was published Dec 5, 2025
A flaw exists in the verification of application installation sources within ColorOS. Under... Moderate Unreviewed
CVE-2025-27389 was published Dec 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database