GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 984
Rust: 1,131
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
13,275 advisories
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The...
Low | Unreviewed | CVE-2025-66603 was published Feb 9, 2026

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic
Low | GHSA-vhvq-fv9f-wh4q was published for github.com/authzed/spicedb (Go) Feb 6, 2026

Tanium addressed a denial of service vulnerability in Tanium Client.
Low | Unreviewed | CVE-2025-15320 was published Feb 6, 2026

Claude Code has Permission Deny Bypass Through Symbolic Links
Low | CVE-2026-25724 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026

Neo4j Enterprise and Community editions have insufficient escaping of unicode characters in query log
Low | CVE-2026-1337 was published for org.neo4j:neo4j (Maven) Feb 6, 2026

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d....
Low | Unreviewed | CVE-2026-2010 was published Feb 6, 2026

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device...
Low | Unreviewed | CVE-2026-25815 was published Feb 6, 2026

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Low | Unreviewed | CVE-2025-15323 was published Feb 5, 2026

Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Low | Unreviewed | CVE-2025-15321 was published Feb 5, 2026

Tanium addressed an improper access controls vulnerability in Interact.
Low | Unreviewed | CVE-2025-15289 was published Feb 5, 2026

webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior
Low | CVE-2025-68458 was published for webpack (npm) Feb 5, 2026

webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
Low | CVE-2025-68157 was published for webpack (npm) Feb 5, 2026

Microweber has a Cross-site Scripting vulnerability
Low | CVE-2025-70791 was published for microweber/microweber (Composer) Feb 5, 2026

Microweber Cross-site Scripting vulnerability
Low | CVE-2025-70792 was published for microweber/microweber (Composer) Feb 5, 2026

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the...
Low | Unreviewed | CVE-2026-1966 was published Feb 5, 2026

It was possible to improperly access the parent directory of an os.Root by opening a filename...
Low | Unreviewed | CVE-2025-22873 was published Feb 5, 2026

A security vulnerability has been detected in WeKan up to 8.20. This affects the function...
Low | Unreviewed | CVE-2026-1892 was published Feb 5, 2026

Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager
Low | CVE-2026-22254 was published for winter/wn-cms-module (Composer) Feb 4, 2026

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a...
Low | Unreviewed | CVE-2025-1823 was published Feb 4, 2026

IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain...
Low | Unreviewed | CVE-2025-27550 was published Feb 4, 2026

IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system...
Low | Unreviewed | CVE-2025-2134 was published Feb 4, 2026

git2 has potential undefined behavior when dereferencing Buf struct
Low | GHSA-j39j-6gw9-jw6h was published for git2 (Rust) Feb 4, 2026

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an...
Low | Unreviewed | CVE-2026-20732 was published Feb 4, 2026

A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow...
Low | Unreviewed | CVE-2026-20730 was published Feb 4, 2026

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and...
Low | Unreviewed | CVE-2026-1791 was published Feb 4, 2026
ProTip! Advisories are also available from the GraphQL API