GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,880
Maven: 5,000+
npm: 4,518
NuGet: 784
pip: 4,260
Pub: 12
RubyGems: 975
Rust: 1,105
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+

28,365 advisories

Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)
Critical | GHSA-vg9h-jx4v-cwx2 was published for dfir-unfurl (pip) Jan 29, 2026

Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2020-37012 was published Jan 29, 2026

SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
Critical | GHSA-c4jr-5q7w-f6r9 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 29, 2026

AutoGPT is Vulnerable to RCE via Disabled Block Execution
Critical | CVE-2026-24780 was published for agpt (pip) Jan 29, 2026

DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Critical | CVE-2026-24838 was published for DotNetNuke.Core (NuGet) Jan 28, 2026

Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly...
Critical | Unreviewed | CVE-2025-58210 was published Jan 28, 2026

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload...
Critical | Unreviewed | CVE-2025-57794 was published Jan 28, 2026

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by...
Critical | Unreviewed | CVE-2025-57792 was published Jan 28, 2026

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download...
Critical | Unreviewed | CVE-2025-57795 was published Jan 28, 2026

Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema
Critical | GHSA-5w5r-mf82-595p was published for capnp (Rust) Jan 28, 2026

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical | Unreviewed | CVE-2026-1056 was published Jan 28, 2026

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability...
Critical | Unreviewed | CVE-2025-40552 was published Jan 28, 2026

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization...
Critical | Unreviewed | CVE-2025-40551 was published Jan 28, 2026

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability...
Critical | Unreviewed | CVE-2025-40554 was published Jan 28, 2026

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization...
Critical | Unreviewed | CVE-2025-40553 was published Jan 28, 2026

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks...
Critical | Unreviewed | CVE-2025-21589 was published Jan 27, 2026

A security issue has been identified in ibaPDA that could allow unauthorized actions on the file...
Critical | Unreviewed | CVE-2025-14988 was published Jan 27, 2026

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability...
Critical | Unreviewed | CVE-2026-24858 was published Jan 27, 2026

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical | CVE-2026-23830 was published for @nyariv/sandboxjs (npm) Jan 27, 2026

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized...
Critical | Unreviewed | CVE-2026-24874 was published Jan 27, 2026

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance...
Critical | Unreviewed | CVE-2026-1482 was published Jan 27, 2026

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance...
Critical | Unreviewed | CVE-2026-1475 was published Jan 27, 2026

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance...
Critical | Unreviewed | CVE-2026-1478 was published Jan 27, 2026

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance...
Critical | Unreviewed | CVE-2026-1473 was published Jan 27, 2026

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance...
Critical | Unreviewed | CVE-2026-1483 was published Jan 27, 2026

ProTip! Advisories are also available from the GraphQL API.