GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,003
Maven: 5,000+
npm: 4,732
NuGet: 788
pip: 4,341
Pub: 12
RubyGems: 987
Rust: 1,137
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
150,654 advisories
A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to...
Moderate, Unreviewed. CVE-2026-2864 was published Feb 21, 2026.

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts...
Moderate, Unreviewed. CVE-2026-2865 was published Feb 21, 2026.

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function...
Moderate, Unreviewed. CVE-2026-2861 was published Feb 21, 2026.

A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to...
Moderate, Unreviewed. CVE-2026-2863 was published Feb 21, 2026.

A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to...
Moderate, Unreviewed. CVE-2026-2860 was published Feb 21, 2026.

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering...
Moderate, Unreviewed. CVE-2026-26047 was published Feb 21, 2026.

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to...
Moderate, Unreviewed. CVE-2019-25451 was published Feb 21, 2026.

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to...
Moderate, Unreviewed. CVE-2019-25449 was published Feb 21, 2026.

phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows...
Moderate, Unreviewed. CVE-2019-25453 was published Feb 21, 2026.

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability....
Moderate, Unreviewed. CVE-2026-2490 was published Feb 21, 2026.

Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability....
Moderate, Unreviewed. CVE-2026-2035 was published Feb 21, 2026.

phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated...
Moderate, Unreviewed. CVE-2019-25454 was published Feb 21, 2026.

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated...
Moderate, Unreviewed. CVE-2019-25448 was published Feb 21, 2026.

A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar...
Moderate, Unreviewed. CVE-2026-2858 was published Feb 21, 2026.

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that...
Moderate, Unreviewed. CVE-2019-25447 was published Feb 21, 2026.

Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field...
Moderate, Unreviewed. CVE-2019-25437 was published Feb 21, 2026.

SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated...
Moderate, Unreviewed. CVE-2019-25434 was published Feb 21, 2026.

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows...
Moderate, Unreviewed. CVE-2019-25436 was published Feb 21, 2026.

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
Moderate. CVE-2026-27576 was published for openclaw (npm) Feb 20, 2026.

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative...
Moderate, Unreviewed. CVE-2025-62326 was published Feb 20, 2026.

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows...
Moderate, Unreviewed. CVE-2019-25445 was published Feb 20, 2026.

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4...
Moderate, Unreviewed. CVE-2026-2852 was published Feb 20, 2026.

Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Moderate. CVE-2026-27482 was published for ray (pip) Feb 20, 2026.

AVideo has Stored Cross-Site Scripting via Markdown Comment Injection
Moderate. CVE-2026-27568 was published for wwbn/avideo (Composer) Feb 20, 2026.

Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Moderate. CVE-2026-27492 was published for lettermint (npm) Feb 20, 2026.
ProTip! Advisories are also available from the GraphQL API.