GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,002
Maven: 5,000+
npm: 4,724
NuGet: 788
pip: 4,335
Pub: 12
RubyGems: 987
Rust: 1,136
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
150,581 advisories
The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
Moderate | Unreviewed | CVE-2026-2486 was published Feb 20, 2026
WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting...
Moderate | Unreviewed | CVE-2026-26370 was published Feb 20, 2026
This vulnerability allows authenticated attackers to read an arbitrary file by changing a...
Moderate | Unreviewed | CVE-2025-59819 was published Feb 20, 2026
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function...
Moderate | Unreviewed | CVE-2026-2825 was published Feb 20, 2026
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function...
Moderate | Unreviewed | CVE-2026-2823 was published Feb 20, 2026
A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an...
Moderate | Unreviewed | CVE-2026-2822 was published Feb 20, 2026
A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file ...
Moderate | Unreviewed | CVE-2026-2824 was published Feb 20, 2026
This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance...
Moderate | Unreviewed | CVE-2026-2739 was published Feb 20, 2026
A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5....
Moderate | Unreviewed | CVE-2026-2821 was published Feb 20, 2026
The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Moderate | Unreviewed | CVE-2026-2384 was published Feb 20, 2026
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects...
Moderate | Unreviewed | CVE-2026-2819 was published Feb 20, 2026
A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7...
Moderate | Unreviewed | CVE-2026-2820 was published Feb 20, 2026
Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows...
Moderate | Unreviewed | CVE-2025-13671 was published Feb 20, 2026
Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
Moderate | Unreviewed | CVE-2026-2408 was published Feb 20, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
Moderate | Unreviewed | CVE-2026-1292 was published Feb 20, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Moderate | Unreviewed | CVE-2026-2605 was published Feb 20, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact...
Moderate | Unreviewed | CVE-2026-2350 was published Feb 20, 2026
Tanium addressed a SQL injection vulnerability in Asset.
Moderate | Unreviewed | CVE-2026-2435 was published Feb 20, 2026
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™...
Moderate | Unreviewed | CVE-2026-1658 was published Feb 20, 2026
Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request...
Moderate | Unreviewed | CVE-2025-8055 was published Feb 20, 2026
Centrifugo v6.6.0 dependency vulnerabilities
Moderate | GHSA-j9wf-6r2x-hqmx was published for github.com/centrifugal/centrifugo/v6 (Go) Feb 19, 2026
OpenClaw safeBins file-existence oracle information disclosure
Moderate | GHSA-6c9j-x93c-rw6j was published for openclaw (npm) Feb 19, 2026
Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by...
Moderate | Unreviewed | CVE-2026-2738 was published Feb 19, 2026
Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2026-27328 was published Feb 19, 2026
SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the...
Moderate | Unreviewed | CVE-2026-27472 was published Feb 19, 2026