GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,795 advisories

CediPay Affected by Improper Input Validation in Payment Processing High
CVE-2026-26063 was published for cedipay-core (npm) Feb 12, 2026
Cube Core is vulnerable to privilege escalation via a specially crafted request High
CVE-2026-25958 was published for @cubejs-backend/server-core (npm) Feb 10, 2026
Credited to ovr
FUXA Affected by a Path Traversal Sanitization Bypass High
CVE-2026-25951 was published for fuxa-server (npm) Feb 10, 2026
Credited to h1dr1
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig High
CVE-2026-25639 was published for axios (npm) Feb 9, 2026
Credited to hackerman70000
jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions High
CVE-2026-1615 was published for jsonpath (npm) Feb 9, 2026
Credited to saivarun3407
Credited to ZeroXJacks
AdonisJS multipart body parsing has Prototype Pollution issue High
CVE-2026-25754 was published for @adonisjs/bodyparser (npm) Feb 6, 2026
Credited to RomainLanz
Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json High
CVE-2026-25725 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions High
CVE-2026-25723 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection High
CVE-2026-25722 was published for @anthropic-ai/claude-code (npm) Feb 6, 2026
OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply High
CVE-2026-25593 was published for openclaw (npm) Feb 4, 2026
Credited to hackerman70000
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse High
CVE-2026-25536 was published for @modelcontextprotocol/sdk (npm) Feb 4, 2026
Credited to gh-arpeet and ahabian
godot-mcp has Command Injection via unsanitized projectPath High
CVE-2026-25546 was published for @coding-solo/godot-mcp (npm) Feb 4, 2026
Credited to TianYu-0829, wcole3, and Coding-Solo
n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node High
CVE-2026-25055 was published for n8n (npm) Feb 4, 2026
Credited to nkoorty and jjjutla
n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI High
CVE-2026-25054 was published for n8n (npm) Feb 4, 2026
Credited to MyLong
n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS High
CVE-2026-25051 was published for n8n (npm) Feb 4, 2026
Credited to weblover12
Apollo Serve vulnerable to Denial of Service with `startStandaloneServer` High
CVE-2026-23897 was published for @apollo/server (npm) Feb 4, 2026
Credited to ChALkeR
n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner High
CVE-2025-61917 was published for n8n (npm) Feb 4, 2026
@isaacs/brace-expansion has Uncontrolled Resource Consumption High
CVE-2026-25547 was published for @isaacs/brace-expansion (npm) Feb 3, 2026
Credited to Jvr2022 and intrigus-lgtm
Claude Code has a Command Injection in find Command Bypasses User Approval Prompt High
CVE-2026-24887 was published for @anthropic-ai/claude-code (npm) Feb 3, 2026
Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes High
CVE-2026-24053 was published for @anthropic-ai/claude-code (npm) Feb 3, 2026
Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains High
CVE-2026-24052 was published for @anthropic-ai/claude-code (npm) Feb 3, 2026
FUXA contains an insecure default configuration vulnerability High
CVE-2025-69970 was published for fuxa-server (npm) Feb 3, 2026
FUXA contains a hard-coded credential vulnerability High
CVE-2025-69971 was published for fuxa-server (npm) Feb 3, 2026
FUXA contains an Unrestricted File Upload vulnerability High
CVE-2025-69981 was published for fuxa-server (npm) Feb 3, 2026