GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,002
Maven: 5,000+
npm: 4,724
NuGet: 788
pip: 4,335
Pub: 12
RubyGems: 987
Rust: 1,136
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
119,062 advisories
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue...
High | Unreviewed | CVE-2026-26050 was published Feb 20, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2025-13672 was published Feb 20, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2025-9208 was published Feb 20, 2026
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose...
High | Unreviewed | CVE-2026-21535 was published Feb 20, 2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High | Unreviewed | CVE-2025-8054 was published Feb 20, 2026
Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
High | CVE-2026-27206 was published for zumba/json-serializer (Composer) Feb 19, 2026
OpenClaw has a path traversal in apply_patch could write/delete files outside the workspace
High | GHSA-r5fq-947m-xm57 was published for openclaw (npm) Feb 19, 2026
Feathers exposes internal headers via unencrypted session cookie
High | CVE-2026-27193 was published for @feathersjs/authentication-oauth (npm) Feb 19, 2026
Feathers has an origin validation bypass via prefix matching
High | CVE-2026-27192 was published for @feathersjs/authentication-oauth (npm) Feb 19, 2026
Feathers has an open redirect in OAuth callback enables account takeover
High | CVE-2026-27191 was published for @feathersjs/authentication-oauth (npm) Feb 19, 2026
Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
High | CVE-2026-27190 was published for deno (Rust) Feb 19, 2026
Formwork Improperly Managed Privileges in User creation
High | CVE-2026-27198 was published for getformwork/formwork (Composer) Feb 19, 2026
Statamic affected by privilege escalation via stored cross-site scripting
High | CVE-2026-27196 was published for statamic/cms (Composer) Feb 19, 2026
D-Tale affected by Remote Code Execution through the /save-column-filter endpoint
High | CVE-2026-27194 was published for dtale (pip) Feb 19, 2026
eBay API MCP Server Affected by Environment Variable Injection
High | CVE-2026-27203 was published for ebay-mcp (npm) Feb 19, 2026
PyO3 has type confusion when accessing data from subclasses of subclasses of native types with `abi3` feature
High | GHSA-47qc-857f-7w7f was published for pyo3 (Rust) Feb 19, 2026
jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
High | CVE-2026-25940 was published for jspdf (npm) Feb 19, 2026
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
High | CVE-2026-25755 was published for jspdf (npm) Feb 19, 2026
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2026-2232 was published Feb 19, 2026
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary...
High | Unreviewed | CVE-2026-26337 was published Feb 19, 2026
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected...
High | Unreviewed | CVE-2026-26336 was published Feb 19, 2026
The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob'...
High | Unreviewed | CVE-2026-1581 was published Feb 19, 2026
A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11...
High | Unreviewed | CVE-2026-2274 was published Feb 19, 2026
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege...
High | Unreviewed | CVE-2026-22267 was published Feb 19, 2026
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path...
High | Unreviewed | CVE-2026-26359 was published Feb 19, 2026
ProTip! Advisories are also available from the GraphQL API