GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,975
Maven: 5,000+
npm: 4,631
NuGet: 788
pip: 4,318
Pub: 12
RubyGems: 985
Rust: 1,131
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
118,879 advisories
Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change
High | GHSA-hr7j-63v7-vj7g was published for github.com/pterodactyl/wings (Composer) | Feb 17, 2026

OpenClaw affected by SSRF in Image Tool Remote Fetch
High | GHSA-56f2-hvwg-5743 was published for openclaw (npm) | Feb 17, 2026

OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
High | GHSA-3hcm-ggvf-rch5 was published for openclaw (npm) | Feb 17, 2026

OpenClaw's Browser Relay /cdp websocket is missing auth which could allow cross-tab cookie access
High | GHSA-mr32-vwc2-5j6h was published for moltbot (npm) | Feb 17, 2026

OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating
High | GHSA-qj77-c3c8-9c3q was published for openclaw (npm) | Feb 17, 2026

OpenClaw has an arbitrary transcript path file write via gateway sessionFile
High | GHSA-64qx-vpxx-mvqf was published for openclaw (npm) | Feb 17, 2026

Rack has a Directory Traversal via Rack:Directory
High | CVE-2026-22860 was published for rack (RubyGems) | Feb 17, 2026

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an...
High | Unreviewed | CVE-2026-2616 was published | Feb 17, 2026

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0...
High | Unreviewed | CVE-2026-25087 was published | Feb 17, 2026

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function...
High | Unreviewed | CVE-2026-2615 was published | Feb 17, 2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-7631 was published | Feb 17, 2026

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ...
High | Unreviewed | CVE-2026-1216 was published | Feb 17, 2026

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties...
High | Unreviewed | CVE-2026-25903 was published | Feb 17, 2026

SQL injection vulnerability (SQLi) in Clicldeu SaaS, specifically in the generation of reports,...
High | Unreviewed | CVE-2026-2247 was published | Feb 17, 2026

The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access...
High | Unreviewed | CVE-2026-2592 was published | Feb 17, 2026

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin...
High | Unreviewed | CVE-2025-12062 was published | Feb 17, 2026

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a...
High | Unreviewed | CVE-2026-2001 was published | Feb 16, 2026

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in...
High | Unreviewed | CVE-2026-2474 was published | Feb 16, 2026

A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the...
High | Unreviewed | CVE-2026-2566 was published | Feb 16, 2026

A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the...
High | Unreviewed | CVE-2026-2567 was published | Feb 16, 2026

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests.
High | Unreviewed | CVE-2026-26930 was published | Feb 16, 2026

A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from...
High | Unreviewed | CVE-2026-2101 was published | Feb 16, 2026

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to...
High | Unreviewed | CVE-2025-65716 was published | Feb 16, 2026

An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS...
High | Unreviewed | CVE-2026-1334 was published | Feb 16, 2026

Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a...
High | Unreviewed | CVE-2026-1046 was published | Feb 16, 2026

ProTip! Advisories are also available from the GraphQL API