GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
13,100 advisories
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success...
Low | Unreviewed | CVE-2026-24883 was published Jan 27, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6...
Low | Unreviewed | CVE-2026-24870 was published Jan 27, 2026
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs...
Low | Unreviewed | CVE-2026-1485 was published Jan 27, 2026
sigstore CSRF possibility in OIDC authentication during signing
Low | CVE-2026-24408 was published for sigstore (pip) Jan 26, 2026
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a...
Low | Unreviewed | CVE-2026-1190 was published Jan 26, 2026
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a...
Low | Unreviewed | CVE-2025-9521 was published Jan 26, 2026
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may...
Low | Unreviewed | CVE-2025-9615 was published Jan 26, 2026
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include...
Low | Unreviewed | CVE-2026-24439 was published Jan 26, 2026
Tanium addressed an improper input validation vulnerability in Discover.
Low | Unreviewed | CVE-2026-0925 was published Jan 26, 2026
Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector
Low | CVE-2026-24656 was published for org.apache.karaf.decanter.collector:org.apache.karaf.decanter.collector.log.socket (Maven) Jan 26, 2026
A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This...
Low | Unreviewed | CVE-2026-1409 was published Jan 26, 2026
A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability...
Low | Unreviewed | CVE-2026-1408 was published Jan 26, 2026
A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an...
Low | Unreviewed | CVE-2026-1407 was published Jan 26, 2026
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for...
Low | Unreviewed | CVE-2026-0633 was published Jan 24, 2026
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler...
Low | Unreviewed | CVE-2026-24515 was published Jan 23, 2026
Gitea may send release notification emails for private repositories to users whose access has been revoked
Low | CVE-2026-0798 was published for code.gitea.io/gitea (Go) Jan 23, 2026
Gitea improperly exposes issue and pull request titles
Low | CVE-2026-20800 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea improperly exposes issue titles and repository names through previously started stopwatches
Low | CVE-2026-20883 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea has improper access control for uploaded attachments
Low | CVE-2026-20736 was published for code.gitea.io/gitea (Go) Jan 23, 2026
Container and Containerization archive extraction does not guard against escapes from extraction base directory.
Low | CVE-2026-20613 was published for github.com/apple/container (Swift) Jan 22, 2026
Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue
Low | GHSA-jp3q-wwp3-pwv9 was published for solspace/craft-freeform (Composer) Jan 22, 2026
Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10,...
Low | Unreviewed | CVE-2026-22281 was published Jan 22, 2026
Moonraker affected by LDAP search filter injection
Low | CVE-2026-24130 was published for moonraker (pip) Jan 22, 2026
Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp
Low | GHSA-7jxj-rpx7-ph2c was published for Umbraco.Forms (NuGet) Jan 22, 2026
Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential...
Low | Unreviewed | CVE-2025-12738 was published Jan 22, 2026
ProTip! Advisories are also available from the GraphQL API.