GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
190 advisories
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can...
Moderate | Unreviewed | CVE-2026-40425 was published May 29, 2026

Files or directories accessible to external parties vulnerability in redis-server component in...
Moderate | Unreviewed | CVE-2024-11399 was published May 27, 2026

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF)...
Moderate | Unreviewed | CVE-2026-40564 was published May 26, 2026

Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/
Moderate | GHSA-g39v-cvjh-8fpf was published for ha-mcp (pip) May 14, 2026

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from...
Moderate | Unreviewed | CVE-2026-33380 was published May 13, 2026

A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource...
Moderate | Unreviewed | CVE-2026-42063 was published May 13, 2026

Files or directories accessible to external parties in Microsoft Office Word allows an...
Moderate | Unreviewed | CVE-2026-35440 was published May 12, 2026

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized...
Moderate | Unreviewed | CVE-2026-32185 was published May 12, 2026

@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Moderate | GHSA-cqmh-pcgr-q42f was published for @axonflow/openclaw (npm) May 6, 2026

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly...
Moderate | Unreviewed | CVE-2026-5335 was published May 4, 2026

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client...
Moderate | Unreviewed | CVE-2021-47960 was published Apr 10, 2026

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line...
Moderate | Unreviewed | CVE-2021-4474 was published Mar 26, 2026

SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
Moderate | CVE-2026-32750 was published for github.com/siyuan-note/siyuan (Go) Mar 16, 2026

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0...
Moderate | Unreviewed | CVE-2025-66955 was published Mar 12, 2026

TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Moderate | CVE-2026-29066 was published for @tinacms/cli (npm) Mar 12, 2026

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical...
Moderate | Unreviewed | CVE-2026-24732 was published Mar 4, 2026

An arbitrary file deletion vulnerability has been identified in the command-line interface of...
Moderate | Unreviewed | CVE-2025-37177 was published Jan 13, 2026

The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in...
Moderate | Unreviewed | CVE-2025-12648 was published Jan 7, 2026

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14442 was published Dec 12, 2025

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality
Moderate | CVE-2025-66625 was published for Umbraco.Cms (NuGet) Dec 9, 2025

The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to,...
Moderate | Unreviewed | CVE-2025-12747 was published Nov 21, 2025

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-12894 was published Nov 21, 2025

Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Moderate | Unreviewed | CVE-2025-13225 was published Nov 19, 2025

IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due...
Moderate | Unreviewed | CVE-2025-33150 was published Nov 10, 2025

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and...
Moderate | Unreviewed | CVE-2025-58152 was published Oct 31, 2025