Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

28,617 advisories

Loading
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed
CVE-2026-2635 was published Feb 21, 2026
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to... Critical Unreviewed
CVE-2019-25441 was published Feb 21, 2026
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command... Critical Unreviewed
CVE-2021-35402 was published Feb 20, 2026
Traefik affected by TLS ClientAuth Bypass on HTTP/3 Critical
GHSA-gv8r-9rw9-9697 was published for github.com/traefik/traefik (Go) Feb 20, 2026
rbqvq
Credited to rbqvq
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2... Critical Unreviewed
CVE-2026-2333 was published Feb 20, 2026
The web management interface of the device allows the administrator username and password to be... Critical Unreviewed
CVE-2026-25715 was published Feb 20, 2026
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names Critical
CVE-2026-25896 was published for fast-xml-parser (npm) Feb 20, 2026
Ochk0
Credited to Ochk0
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests... Critical Unreviewed
CVE-2026-21627 was published Feb 20, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-10970 was published Feb 20, 2026
Sensitive data disclosure and manipulation due to improper authentication. The following products... Critical Unreviewed
CVE-2025-30412 was published Feb 20, 2026
Sensitive data disclosure and manipulation due to missing authorization. The following products... Critical Unreviewed
CVE-2025-30416 was published Feb 20, 2026
Sensitive data disclosure and manipulation due to missing authentication. The following products... Critical Unreviewed
CVE-2025-30410 was published Feb 20, 2026
Sensitive data disclosure and manipulation due to improper authentication. The following products... Critical Unreviewed
CVE-2025-30411 was published Feb 20, 2026
Dagu affected by unauthenticated RCE via inline DAG spec in default configuration Critical
GHSA-6qr9-g2xw-cw92 was published for github.com/dagu-org/dagu (Go) Feb 19, 2026
ByamB4
Credited to ByamB4
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that... Critical Unreviewed
CVE-2026-27476 was published Feb 19, 2026
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur... Critical Unreviewed
CVE-2026-27475 was published Feb 19, 2026
Prototype pollution in swiper Critical
CVE-2026-27212 was published for swiper (npm) Feb 19, 2026
kevgeoleo vdata1
reallyTG
Credited to kevgeoleo, vdata1, and reallyTG
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution Critical
CVE-2026-26030 was published for semantic-kernel (pip) Feb 19, 2026
amiteliahu doredry
urioren
Credited to amiteliahu, doredry, and urioren
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code... Critical Unreviewed
CVE-2026-26339 was published Feb 19, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2026-2409 was published Feb 19, 2026
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur... Critical Unreviewed
CVE-2025-71250 was published Feb 19, 2026
Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in... Critical Unreviewed
CVE-2025-8350 was published Feb 19, 2026
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software... Critical Unreviewed
CVE-2025-9953 was published Feb 19, 2026
carbon-apimgt does not properly restrict uploaded files Critical
CVE-2025-13590 was published for org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl (Maven) Feb 19, 2026
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin... Critical Unreviewed
CVE-2025-12107 was published Feb 19, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database