GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 984
Rust: 1,131
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
3,916 advisories
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all...
High | Unreviewed | CVE-2026-2144 was published Feb 14, 2026
Child processes spawned by Renovate incorrectly have full access to environment variables
Moderate | GHSA-8wc6-vgrq-x6cf was published for renovate (npm) Feb 13, 2026
FrankenPHP leaks session data between requests in worker mode
High | CVE-2026-24894 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026
Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17...
High | Unreviewed | CVE-2024-50619 was published Feb 12, 2026
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia...
Moderate | Unreviewed | CVE-2025-46310 was published Feb 12, 2026
Leaky JWTs in OpenMetadata exposing highly-privileged bot users
High | CVE-2026-26010 was published for org.open-metadata:openmetadata-sdk (Maven) Feb 11, 2026
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate...
High | Unreviewed | CVE-2026-21533 was published Feb 10, 2026
Craft CMS: GraphQL Asset Mutation Privilege Escalation
High | CVE-2026-25497 was published for craftcms/cms (Composer) Feb 9, 2026
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all...
Critical | Unreviewed | CVE-2025-15027 was published Feb 8, 2026
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all...
High | Unreviewed | CVE-2025-15100 was published Feb 8, 2026
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component...
High | Unreviewed | CVE-2025-69875 was published Feb 3, 2026
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset...
Critical | Unreviewed | CVE-2025-15030 was published Feb 2, 2026
Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access...
Moderate | Unreviewed | CVE-2025-6723 was published Jan 30, 2026
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.
High | Unreviewed | CVE-2025-13176 was published Jan 30, 2026
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password...
High | Unreviewed | CVE-2025-14975 was published Jan 29, 2026
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be...
Moderate | Unreviewed | CVE-2025-13918 was published Jan 28, 2026
WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is...
High | Unreviewed | CVE-2025-13917 was published Jan 28, 2026
Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
Critical | CVE-2026-22039 was published for github.com/kyverno/kyverno (Go) Jan 27, 2026
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System...
High | Unreviewed | CVE-2025-59094 was published Jan 26, 2026
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User...
Critical | Unreviewed | CVE-2026-0920 was published Jan 22, 2026
Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims
Moderate | CVE-2026-23990 was published for github.com/controlplaneio-fluxcd/flux-operator (Go) Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate | Unreviewed | CVE-2026-21981 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2026-21957 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2026-21983 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate | Unreviewed | CVE-2026-21963 was published Jan 21, 2026
ProTip! Advisories are also available from the GraphQL API