Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,026
Maven
5,000+
npm
4,763
NuGet
824
pip
4,366
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

329 advisories

Loading
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function... Moderate Unreviewed
CVE-2026-2968 was published Feb 23, 2026
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu,... Moderate Unreviewed
CVE-2026-2385 was published Feb 22, 2026
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login... Moderate Unreviewed
CVE-2025-14444 was published Feb 18, 2026
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport... High Unreviewed
CVE-2026-1642 was published Feb 4, 2026
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows... Moderate Unreviewed
CVE-2026-21527 was published Feb 10, 2026
The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due... Moderate Unreviewed
CVE-2026-0939 was published Jan 16, 2026
Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi... Critical Unreviewed
CVE-2025-15385 was published Jan 6, 2026
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the... Moderate Unreviewed
CVE-2025-15154 was published Dec 28, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Low Unreviewed
CVE-2025-59700 was published Dec 2, 2025
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni... Critical Unreviewed
CVE-2025-66255 was published Nov 26, 2025
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment... Moderate Unreviewed
CVE-2025-12752 was published Nov 22, 2025
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor... High Unreviewed
CVE-2025-34337 was published Nov 19, 2025
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal... Moderate Unreviewed
CVE-2020-25019 was published May 24, 2022
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions... Moderate Unreviewed
CVE-2023-51764 was published Dec 24, 2023
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a... Moderate Unreviewed
CVE-2023-51766 was published Dec 24, 2023
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or... Low Unreviewed
CVE-2024-10977 was published Nov 14, 2024
When the Node.js policy feature checks the integrity of a resource against a trusted manifest,... High Unreviewed
CVE-2023-38552 was published Oct 18, 2023
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... Moderate Unreviewed
CVE-2023-32329 was published Feb 3, 2024
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442... Critical Unreviewed
CVE-2025-27680 was published Mar 5, 2025
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated... High Unreviewed
CVE-2014-5406 was published May 17, 2022
A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function... Moderate Unreviewed
CVE-2025-12295 was published Oct 27, 2025
IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks... Critical Unreviewed
CVE-2025-27558 was published May 21, 2025
On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application,... Moderate Unreviewed
CVE-2025-12080 was published Oct 27, 2025
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function... Moderate Unreviewed
CVE-2025-12245 was published Oct 27, 2025
An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows... Moderate Unreviewed
CVE-2025-56438 was published Oct 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database