GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,831
Maven: 5,000+
npm: 4,462
NuGet: 775
pip: 4,226
Pub: 12
RubyGems: 972
Rust: 1,093
Swift: 47
Unreviewed advisories
All unreviewed: 5,000+
117,270 advisories
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE)... (High, Unreviewed) CVE-2025-14478 was published on Jan 17, 2026
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over... (High, Unreviewed) CVE-2026-20960 was published on Jan 17, 2026
In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory... (High, Unreviewed) CVE-2025-48647 was published on Jan 16, 2026
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path... (High, Unreviewed) CVE-2021-47847 was published on Jan 16, 2026
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2... (High, Unreviewed) CVE-2025-62291 was published on Jan 16, 2026
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint... (High, Unreviewed) CVE-2025-69581 was published on Jan 16, 2026
DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path... (High, Unreviewed) CVE-2021-47822 was published on Jan 16, 2026
Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI... (High, Unreviewed) CVE-2021-47826 was published on Jan 16, 2026
Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users... (High, Unreviewed) CVE-2021-47823 was published on Jan 16, 2026
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local... (High, Unreviewed) CVE-2021-47825 was published on Jan 16, 2026
Sandboxie Plus 0.7.4 contains an unquoted service path vulnerability in the SbieSvc service that... (High, Unreviewed) CVE-2021-47832 was published on Jan 16, 2026
DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service... (High, Unreviewed) CVE-2021-47829 was published on Jan 16, 2026
WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe... (High, Unreviewed) CVE-2021-47833 was published on Jan 16, 2026
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service... (High, Unreviewed) CVE-2021-47828 was published on Jan 16, 2026
Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could... (High, Unreviewed) CVE-2025-15032 was published on Jan 16, 2026
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service... (High, Unreviewed) CVE-2021-47845 was published on Jan 16, 2026
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization (High) CVE-2026-23745 was published for tar (npm) on Jan 16, 2026
GraphQL Modules has a Race Condition issue (High) CVE-2026-23735 was published for graphql-modules (npm) on Jan 16, 2026
Skipper is vulnerable to arbitrary code execution through lua filters (High) CVE-2026-23742 was published for github.com/zalando/skipper (Go) on Jan 16, 2026
svelte is vulnerable to XSS with textarea bind:value (High) GHSA-gw32-9rmw-qwww was published for svelte (npm) on Jan 16, 2026
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs (High) GHSA-vx9w-5cx4-9796 was published for crawl4ai (pip) on Jan 16, 2026
ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection (High) GHSA-5qw5-wf2q-f538 was published for activerecord-jdbc-adapter (RubyGems) on Jan 16, 2026
pyasn1 has a DoS vulnerability in decoder (High) CVE-2026-23490 was published for pyasn1 (pip) on Jan 16, 2026
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers... (High, Unreviewed) CVE-2025-31510 was published on Jan 16, 2026
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS... (High, Unreviewed) CVE-2024-44238 was published on Jan 16, 2026
ProTip! Advisories are also available from the GraphQL API