GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 984
Rust: 1,131
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+

4,050 advisories

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong...
Critical | Unreviewed | CVE-2025-65128 was published Feb 11, 2026

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT...
High | Unreviewed | CVE-2025-65127 was published Feb 11, 2026

METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console...
Critical | Unreviewed | CVE-2026-2249 was published Feb 11, 2026

METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console...
Critical | Unreviewed | CVE-2026-2248 was published Feb 11, 2026

Improper authentication in Windows Storage allows an authorized attacker to elevate privileges...
High | Unreviewed | CVE-2026-21508 was published Feb 10, 2026

cap-go/capacitor-native-biometric Authentication Bypass
Moderate | GHSA-vx5f-vmr6-32wf was published for @capgo/capacitor-native-biometric (npm) Feb 10, 2026

Apache Druid Vulnerable to Authentication Bypass
Critical | CVE-2026-23906 was published for org.apache.druid.extensions:druid-basic-security (Maven) Feb 10, 2026

Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd....
High | Unreviewed | CVE-2025-10463 was published Feb 9, 2026

A security flaw has been discovered in code-projects Contact Management System 1.0. This affects...
Moderate | Unreviewed | CVE-2026-2174 was published Feb 8, 2026

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function...
Moderate | Unreviewed | CVE-2026-2165 was published Feb 8, 2026

Antrea has invalid enforcement order for network policy rules caused by integer overflow
High | CVE-2026-25804 was published for antrea.io/antrea (Go) Feb 6, 2026

A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this...
Moderate | Unreviewed | CVE-2026-2065 was published Feb 6, 2026

Gogs Vulnerable to 2FA Bypass via Recovery Code
High | CVE-2025-64175 was published for gogs.io/gogs (Go) Feb 6, 2026

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Critical | CVE-2026-25893 was published for fuxa-server (npm) Feb 5, 2026

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers...
Critical | Unreviewed | CVE-2025-70841 was published Feb 3, 2026

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion...
Critical | Unreviewed | CVE-2026-1568 was published Feb 3, 2026

A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by...
Low | Unreviewed | CVE-2026-1743 was published Feb 2, 2026

A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function...
Moderate | Unreviewed | CVE-2026-1740 was published Feb 2, 2026

Salt Authentication Protocol Version Downgrade Allows Minion Impersonation
High | CVE-2025-62349 was published for salt (pip) Jan 30, 2026

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication...
Moderate | Unreviewed | CVE-2026-22764 was published Jan 29, 2026

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password...
Moderate | Unreviewed | CVE-2025-12810 was published Jan 27, 2026

A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown...
Moderate | Unreviewed | CVE-2026-1410 was published Jan 26, 2026

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for...
Low | Unreviewed | CVE-2026-0633 was published Jan 24, 2026

An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user...
Critical | Unreviewed | CVE-2022-25369 was published Jan 23, 2026

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function...
Moderate | Unreviewed | CVE-2026-1203 was published Jan 20, 2026

ProTip! Advisories are also available from the GraphQL API.