Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

29,098 advisories

Loading
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to... Critical Unreviewed
CVE-2025-69809 was published Mar 16, 2026
An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated... Critical Unreviewed
CVE-2025-69808 was published Mar 16, 2026
Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion Critical
GHSA-rmpj-3x5m-9m5f was published for admidio/admidio (Composer) Mar 16, 2026
restriction Credited to restriction
SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API Critical
CVE-2026-32767 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 16, 2026
iconnnjka Credited to iconnnjka
File Browser Signup Grants Admin When Default Permissions Include Admin Critical
CVE-2026-32760 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 16, 2026
fg0x0 Credited to fg0x0 and hacdias hacdias hacdias
Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() Critical
CVE-2026-32267 was published for craftcms/cms (Composer) Mar 16, 2026
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL... Critical Unreviewed
CVE-2025-62319 was published Mar 16, 2026
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` Critical
CVE-2026-32633 was published for Glances (pip) Mar 16, 2026
restriction Credited to restriction
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object... Critical Unreviewed
CVE-2017-20223 was published Mar 16, 2026
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability... Critical Unreviewed
CVE-2017-20224 was published Mar 16, 2026
claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2025-15060 was published Mar 16, 2026
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows... Critical Unreviewed
CVE-2016-20024 was published Mar 16, 2026
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated... Critical Unreviewed
CVE-2016-20030 was published Mar 16, 2026
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that... Critical Unreviewed
CVE-2016-20026 was published Mar 16, 2026
Authlib JWS JWK Header Injection: Signature Verification Bypass Critical
CVE-2026-27962 was published for authlib (pip) Mar 16, 2026
Jaynornj Credited to Jaynornj and Pr00fOf3xpl0it Pr00fOf3xpl0it Pr00fOf3xpl0it
Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames Critical
CVE-2026-25534 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) Mar 16, 2026
jaydhulia Credited to jaydhulia and jasonmcintosh jasonmcintosh jasonmcintosh
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2026-3891 was published Mar 13, 2026
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local... Critical Unreviewed
CVE-2026-32746 was published Mar 13, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal... Critical Unreviewed
CVE-2026-32367 was published Mar 13, 2026
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions()... Critical Unreviewed
CVE-2026-22193 was published Mar 13, 2026
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and... Critical Unreviewed
CVE-2026-25823 was published Mar 13, 2026
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and... Critical Unreviewed
CVE-2026-25818 was published Mar 13, 2026
OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes Critical
GHSA-rqpp-rjj8-7wv8 was published for openclaw (npm) Mar 13, 2026
LUOYEcode Credited to LUOYEcode
Apollo Federation vulnerable to prototype pollution via incomplete key sanitization Critical
CVE-2026-32621 was published for @apollo/federation-internals (npm) Mar 13, 2026
r3dbrothers Credited to r3dbrothers
Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL Critical
CVE-2026-32301 was published for github.com/centrifugal/centrifugo/v6 (Go) Mar 13, 2026
VarshankNaik Credited to VarshankNaik
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database