GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,831
Maven: 5,000+
npm: 4,462
NuGet: 775
pip: 4,226
Pub: 12
RubyGems: 972
Rust: 1,093
Swift: 47

Unreviewed advisories
All unreviewed: 5,000+
13,047 advisories

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all...
Low | Unreviewed | CVE-2026-0682 was published Jan 17, 2026

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via...
Low | Unreviewed | CVE-2025-61873 was published Jan 16, 2026

This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia...
Low | Unreviewed | CVE-2024-44210 was published Jan 16, 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3...
Low | Unreviewed | CVE-2025-31186 was published Jan 16, 2026

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3...
Low | Unreviewed | CVE-2025-24090 was published Jan 16, 2026

This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and...
Low | Unreviewed | CVE-2024-54556 was published Jan 16, 2026

The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its...
Low | Unreviewed | CVE-2023-3666 was published Jan 16, 2026

RustFS's RPC signature verification logs shared secret
Low | CVE-2026-22782 was published for rustfs (Rust) Jan 16, 2026

Mattermost is vulnerable to CPU exhaustion via crafted HTTP request
Low | CVE-2025-14822 was published for github.com/mattermost/mattermost-server (Go) Jan 16, 2026

PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams
Low | CVE-2026-0858 was published for net.sourceforge.plantuml:plantuml (Maven) Jan 16, 2026

solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets
Low | GHSA-rwr8-xrpw-9qf5 was published for solspace/craft-freeform (Composer) Jan 15, 2026

solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data
Low | GHSA-44jg-mv3h-wj6g was published for solspace/craft-freeform (Composer) Jan 15, 2026

Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode
Low | CVE-2026-23634 was published for pepr (npm) Jan 15, 2026

solspace/craft-freeform Has a DoS Vulnerability
Low | GHSA-58q2-9x27-h2jm was published for solspace/craft-freeform (Composer) Jan 15, 2026

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions...
Low | Unreviewed | CVE-2026-0989 was published Jan 15, 2026

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability...
Low | Unreviewed | CVE-2026-0992 was published Jan 15, 2026

The device's passwords have not been adequately salted, making them vulnerable to password...
Low | Unreviewed | CVE-2026-22920 was published Jan 15, 2026

An attacker with administrative access may inject malicious content into the login page,...
Low | Unreviewed | CVE-2026-22919 was published Jan 15, 2026

Keycloak has an improper input validation vulnerability
Low | CVE-2026-0976 was published for org.keycloak:keycloak-quarkus-server (Maven) Jan 15, 2026

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to...
Low | Unreviewed | CVE-2025-14457 was published Jan 15, 2026

A potential missing authentication vulnerability was reported in some Lenovo Tablets that could...
Low | Unreviewed | CVE-2025-14058 was published Jan 15, 2026

jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
Low | GHSA-73rr-hh4g-fpgx was published for diff (npm) Jan 14, 2026

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
Low | CVE-2026-22036 was published for undici (npm) Jan 14, 2026

Weblate leaks information via screenshots
Low | CVE-2026-21889 was published for weblate (pip) Jan 14, 2026

Chainlit contains an authorization bypass vulnerability
Low | CVE-2025-68492 was published for chainlit (pip) Jan 14, 2026

ProTip! Advisories are also available from the GraphQL API