GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26,046 advisories

actix-files has a possible exposure of information vulnerability Moderate
GHSA-8v2v-wjwg-vx6r was published for actix-files (Rust) Feb 6, 2026
Credited to Angelmmiguel and JohnTitor
client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect Moderate
CVE-2026-25651 was published for client-certificate-auth (npm) Feb 6, 2026
MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token High
CVE-2026-25650 was published for mcp-salesforce-connector (pip) Feb 6, 2026
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL High
CVE-2026-25640 was published for pydantic-ai (pip) Feb 6, 2026
Credited to doredry, urioren, and amiteliahu
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK Critical
CVE-2026-25592 was published for Microsoft.SemanticKernel.Core (NuGet) Feb 6, 2026
Credited to doredry, amiteliahu, and urioren
SCEditor has DOM XSS via emoticon URL/HTML injection Moderate
CVE-2026-25581 was published for sceditor (npm) Feb 6, 2026
Credited to sofianeelhor
Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling High
CVE-2026-25580 was published for pydantic-ai (pip) Feb 6, 2026
Credited to YuvalElbar6 and doredry
Gophish is vulnerable to Incorrect Access Control Moderate
CVE-2025-70963 was published for github.com/gophish/gophish (Go) Feb 6, 2026
Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering High
CVE-2025-13523 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Feb 6, 2026
OpenSTAManager has a SQL Injection in the Prima Nota module High
CVE-2026-24419 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
Credited to lukasz-rybak
OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module High
CVE-2026-24418 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
Credited to lukasz-rybak
OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service High
CVE-2026-24417 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
Credited to lukasz-rybak
OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module High
CVE-2026-24416 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
Credited to lukasz-rybak
Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update High
CVE-2026-24135 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to reschjonas
Gogs has arbitrary file read/write via Path Traversal in Git hook editing Moderate
CVE-2026-23633 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to odgrso
Gogs user can update repository content with read-only permission Moderate
CVE-2026-23632 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to odgrso
Gogs has a Denial of Service issue Moderate
CVE-2026-22592 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to Neptunium931
OpenSTAManager has a SQL Injection in Scadenzario Print Template High
CVE-2025-69216 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
Credited to lukasz-rybak
OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint) High
CVE-2025-69214 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
Credited to lukasz-rybak
OpenSTAManager has an OS Command Injection in P7M File Processing Critical
CVE-2025-69212 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
Credited to lukasz-rybak
Gogs Vulnerable to 2FA Bypass via Recovery Code High
CVE-2025-64175 was published for gogs.io/gogs (Go) Feb 6, 2026
Gogs's update .git/config file allows remote command execution Critical
CVE-2025-64111 was published for gogs.io/gogs (Go) Feb 6, 2026
Credited to ROPShell
Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log Low
CVE-2026-1337 was published for org.neo4j:neo4j (Maven) Feb 6, 2026
Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) Moderate
CVE-2026-25760 was published for github.com/bishopfox/sliver (Go) Feb 5, 2026
Credited to xtle0o0
OpenFGA Improper Policy Enforcement Moderate
CVE-2026-24851 was published for github.com/openfga/openfga (Go) Feb 5, 2026
ProTip! Advisories are also available from the GraphQL API