Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,960
Maven
5,000+
npm
4,611
NuGet
788
pip
4,314
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

10,190 advisories

Loading
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an... Moderate Unreviewed
CVE-2026-20932 was published Jan 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an... Moderate Unreviewed
CVE-2026-20937 was published Jan 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an... Moderate Unreviewed
CVE-2026-20939 was published Jan 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized... Moderate Unreviewed
CVE-2026-20847 was published Jan 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows... Moderate Unreviewed
CVE-2026-20862 was published Jan 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an... Moderate Unreviewed
CVE-2026-20823 was published Jan 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call... Moderate Unreviewed
CVE-2026-20821 was published Jan 13, 2026
Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface ... Moderate Unreviewed
CVE-2026-20827 was published Jan 13, 2026
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an... Moderate Unreviewed
CVE-2026-20805 was published Jan 13, 2026
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet... Critical Unreviewed
CVE-2025-47855 was published Jan 13, 2026
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14507 was published Jan 13, 2026
Information disclosure in the XML component. This vulnerability affects Firefox < 147. Moderate Unreviewed
CVE-2026-0888 was published Jan 13, 2026
Information disclosure in the Networking component. This vulnerability affects Firefox < 147 and... Moderate Unreviewed
CVE-2026-0883 was published Jan 13, 2026
A vulnerability has been identified in the ServiceNow AI Platform that could enable an... Critical Unreviewed
CVE-2025-12420 was published Jan 13, 2026
Weblate wlc has insecure API key configuration Moderate
CVE-2026-22251 was published for wlc (pip) Jan 12, 2026
nijel Zee99y
Credited to nijel and Zee99y
XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService Moderate
CVE-2025-65090 was published for org.xwiki.contrib:macro-fullcalendar-pom (Maven) Jan 9, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-46676 was published Jan 9, 2026
The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2025-14980 was published Jan 9, 2026
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions... Moderate Unreviewed
CVE-2025-14574 was published Jan 9, 2026
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any... High Unreviewed
CVE-2025-68719 was published Jan 8, 2026
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface... Moderate Unreviewed
CVE-2025-68718 was published Jan 8, 2026
Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions... Low Unreviewed
CVE-2026-0747 was published Jan 8, 2026
Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles High
GHSA-96qw-h329-v5rg was published for shakapacker (RubyGems) Jan 8, 2026
This vulnerability allows a Backup or Tape Operator to write files as root. Critical Unreviewed
CVE-2025-59469 was published Jan 8, 2026
Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests... Moderate Unreviewed
CVE-2026-20027 was published Jan 7, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database