GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,796
Maven: 5,000+
npm: 4,410
NuGet: 772
pip: 4,181
Pub: 12
RubyGems: 965
Rust: 1,078
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
28,018 advisories
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion...
Critical | Unreviewed | CVE-2019-25296 was published Jan 8, 2026
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux...
Critical | Unreviewed | CVE-2019-25291 was published Jan 8, 2026
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package ...
Critical | Unreviewed | CVE-2025-15346 was published Jan 8, 2026
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that...
Critical | Unreviewed | CVE-2017-20214 was published Jan 8, 2026
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote...
Critical | Unreviewed | CVE-2017-20216 was published Jan 8, 2026
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that...
Critical | Unreviewed | CVE-2019-25278 was published Jan 8, 2026
zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility....
Critical | Unreviewed | CVE-2026-22184 was published Jan 7, 2026
OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE
Critical | GHSA-5f29-2333-h9c7 was published for org.open-metadata:platform (Maven) Jan 7, 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
Critical | CVE-2026-21858 was published for n8n (npm) Jan 7, 2026
A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1...
Critical | Unreviewed | CVE-2025-61492 was published Jan 7, 2026
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other...
Critical | Unreviewed | CVE-2025-12543 was published Jan 7, 2026
An attacker with access to the system's internal network can cause a denial of service on the...
Critical | Unreviewed | CVE-2026-22542 was published Jan 7, 2026
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows...
Critical | Unreviewed | CVE-2025-47552 was published Jan 7, 2026
The massive sending of ARP requests causes a denial of service on one board of the charger that...
Critical | Unreviewed | CVE-2026-22540 was published Jan 7, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-32303 was published Jan 7, 2026
OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware
Critical | CVE-2026-0650 was published for github.com/openflagr/flagr (Go) Jan 7, 2026
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname...
Critical | Unreviewed | CVE-2025-68637 was published Jan 7, 2026
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account...
Critical | Unreviewed | CVE-2025-15018 was published Jan 7, 2026
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane...
Critical | Unreviewed | CVE-2025-30996 was published Jan 6, 2026
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the...
Critical | Unreviewed | CVE-2025-14942 was published Jan 6, 2026
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly...
Critical | Unreviewed | CVE-2025-39477 was published Jan 6, 2026
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The...
Critical | Unreviewed | CVE-2025-65212 was published Jan 6, 2026
An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless...
Critical | Unreviewed | CVE-2025-60262 was published Jan 6, 2026
Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows...
Critical | Unreviewed | CVE-2025-60534 was published Jan 6, 2026
Bypassing Kyverno Policies via Double Policy Exceptions
Critical | GHSA-gg4x-fgg2-h9w9 was published for github.com/kyverno/kyverno (Go) Jan 6, 2026
ProTip! Advisories are also available from the GraphQL API