GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,883
Maven: 5,000+
npm: 4,522
NuGet: 785
pip: 4,262
Pub: 12
RubyGems: 975
Rust: 1,105
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
313,374 advisories
The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable...
Moderate, Unreviewed. CVE-2025-15525 was published Jan 31, 2026

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a...
Moderate, Unreviewed. CVE-2026-1431 was published Jan 31, 2026

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable...
Moderate, Unreviewed. CVE-2026-0683 was published Jan 31, 2026

Active Storage allowed transformation methods that were potentially unsafe
Critical. CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025

PsySH has Local Privilege Escalation via CWD .psysh.php auto-load
Moderate. CVE-2026-25129 was published for psy/psysh (Composer) Jan 30, 2026

Orval has Code Injection via unsanitized x-enum-descriptions using JS comments
Critical. CVE-2026-25141 was published for @orval/core (npm) Jan 30, 2026

CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection
Critical. CVE-2026-25130 was published for cai-framework (pip) Jan 30, 2026

malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction
Moderate. CVE-2026-24846 was published for github.com/chainguard-dev/malcontent (Go) Jan 29, 2026

malcontent OCI image pull credential exfiltration via malicious registry token realm
Moderate. CVE-2026-24845 was published for github.com/chainguard-dev/malcontent (Go) Jan 29, 2026

Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
High. CVE-2025-12758 was published for validator (npm) Nov 27, 2025

js-yaml has prototype pollution in merge (<<)
Moderate. CVE-2025-64718 was published for js-yaml (npm) Nov 14, 2025

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data...
Moderate, Unreviewed. CVE-2025-15510 was published Jan 31, 2026

A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to...
Moderate, Unreviewed. CVE-2026-0227 was published Jan 15, 2026

Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute...
High, Unreviewed. CVE-2020-37040 was published Jan 31, 2026

10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to...
High, Unreviewed. CVE-2020-37043 was published Jan 31, 2026

Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute...
High, Unreviewed. CVE-2020-37050 was published Jan 31, 2026

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to...
Moderate, Unreviewed. CVE-2020-37054 was published Jan 31, 2026

Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the...
Moderate, Unreviewed. CVE-2020-37039 was published Jan 31, 2026

Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field...
High, Unreviewed. CVE-2020-37049 was published Jan 31, 2026

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to...
High, Unreviewed. CVE-2020-37053 was published Jan 31, 2026

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback...
High, Unreviewed. CVE-2020-37051 was published Jan 31, 2026

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers...
Moderate, Unreviewed. CVE-2020-37056 was published Jan 31, 2026

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows...
Critical, Unreviewed. CVE-2020-37052 was published Jan 31, 2026

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery...
Moderate, Unreviewed. CVE-2020-37046 was published Jan 31, 2026