GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
378 advisories
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS...
High | Unreviewed | CVE-2026-20667 was published Feb 12, 2026

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4,...
High | Unreviewed | CVE-2025-46290 was published Feb 12, 2026

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a...
High | Unreviewed | CVE-2026-21513 was published Feb 10, 2026

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a...
High | Unreviewed | CVE-2026-21510 was published Feb 10, 2026

n8n Merge Node has Arbitrary File Write leading to RCE
Critical | CVE-2026-25056 was published for n8n (npm) Feb 4, 2026

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP...
Moderate | Unreviewed | CVE-2026-0620 was published Feb 3, 2026

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for...
Moderate | Unreviewed | CVE-2026-1232 was published Feb 2, 2026

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF)
Moderate | GHSA-gpx9-96j6-pp87 was published for agentos-taskweaver (pip) Jan 28, 2026

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability...
High | Unreviewed | CVE-2025-40536 was published Jan 28, 2026

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical | CVE-2026-23830 was published for @nyariv/sandboxjs (npm) Jan 27, 2026

Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox <...
High | Unreviewed | CVE-2026-24868 was published Jan 27, 2026

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of...
Low | Unreviewed | CVE-2025-55249 was published Jan 19, 2026

Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to...
Moderate | Unreviewed | CVE-2026-20824 was published Jan 13, 2026

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147,...
High | Unreviewed | CVE-2026-0877 was published Jan 13, 2026

pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"
High | CVE-2025-69264 was published for pnpm (npm) Jan 7, 2026

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip...
Moderate | Unreviewed | CVE-2025-15422 was published Jan 2, 2026

Picklescan Bypasses Unsafe Globals Check using pty.spawn
High | GHSA-hgrh-qx5j-jfwx was published for picklescan (pip) Dec 29, 2025

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Critical | CVE-2025-68668 was published for n8n (npm) Dec 26, 2025

A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An...
High | Unreviewed | CVE-2025-46291 was published Dec 17, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app...
High | Unreviewed | CVE-2025-46281 was published Dec 17, 2025

Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal ...
Moderate | Unreviewed | CVE-2025-59849 was published Dec 17, 2025

Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost...
Low | Unreviewed | CVE-2025-13326 was published Dec 17, 2025

Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd....
High | Unreviewed | CVE-2025-14304 was published Dec 17, 2025