GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 984
Rust: 1,131
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
24,885 advisories
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0...
Critical
Unreviewed
CVE-2026-2577
was published
Feb 16, 2026
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to...
Critical
Unreviewed
CVE-2026-26369
was published
Feb 15, 2026
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin)...
Critical
Unreviewed
CVE-2026-26366
was published
Feb 15, 2026
The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is...
Critical
Unreviewed
CVE-2025-32058
was published
Feb 15, 2026
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2026-1490
was published
Feb 15, 2026
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
Critical
Unreviewed
CVE-2026-1306
was published
Feb 14, 2026
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less...
Critical
Unreviewed
CVE-2025-8572
was published
Feb 14, 2026
Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service...
Critical
Unreviewed
CVE-2026-26333
was published
Feb 13, 2026
Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured...
Critical
Unreviewed
CVE-2026-26335
was published
Feb 13, 2026
Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer...
Critical
Unreviewed
CVE-2026-26221
was published
Feb 13, 2026
A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1...
Critical
Unreviewed
CVE-2025-69770
was published
Feb 13, 2026
Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm...
Critical
Unreviewed
CVE-2019-25322
was published
Feb 13, 2026
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple...
Critical
Unreviewed
CVE-2026-1358
was published
Feb 13, 2026
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename...
Critical
Unreviewed
CVE-2025-70314
was published
Feb 12, 2026
newbee-mall includes pre-seeded administrator accounts in its database initialization script....
Critical
Unreviewed
CVE-2026-26218
was published
Feb 12, 2026
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The...
Critical
Unreviewed
CVE-2026-26219
was published
Feb 12, 2026
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list)...
Critical
Unreviewed
CVE-2025-70981
was published
Feb 12, 2026
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker...
Critical
Unreviewed
CVE-2025-69634
was published
Feb 12, 2026
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS...
Critical
Unreviewed
CVE-2026-26214
was published
Feb 12, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing...
Critical
Unreviewed
CVE-2025-14014
was published
Feb 12, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical
Unreviewed
CVE-2025-10969
was published
Feb 12, 2026
The affected devices do not validate the server certificate when connecting to the SolaX Cloud...
Critical
Unreviewed
CVE-2025-15573
was published
Feb 12, 2026
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative...
Critical
Unreviewed
CVE-2025-14892
was published
Feb 12, 2026
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,...
Critical
Unreviewed
CVE-2026-1729
was published
Feb 12, 2026
A race condition was addressed with improved handling of symbolic links. This issue is fixed in...
Critical
Unreviewed
CVE-2026-20677
was published
Feb 12, 2026
ProTip! Advisories are also available from the GraphQL API