Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,883
Maven
5,000+
npm
4,522
NuGet
785
pip
4,262
Pub
12
RubyGems
975
Rust
1,105
Swift
49
Unreviewed advisories
All unreviewed
5,000+

13,106 advisories

Loading
Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy Low
CVE-2026-25050 was published for @vendure/core (npm) Jan 30, 2026
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote... Low Unreviewed
CVE-2025-15497 was published Jan 30, 2026
Llama Stack exposes secret in initialization log Low
CVE-2026-25211 was published for llama-stack (pip) Jan 30, 2026
Tanium addressed an improper access controls vulnerability in Interact. Low Unreviewed
CVE-2025-15288 was published Jan 29, 2026
Juju has broken CMR authorization Low
CVE-2026-1237 was published for github.com/juju/juju (Go) Jan 29, 2026
In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU... Low Unreviewed
CVE-2026-23553 was published Jan 28, 2026
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success... Low Unreviewed
CVE-2026-24883 was published Jan 27, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6... Low Unreviewed
CVE-2026-24870 was published Jan 27, 2026
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs... Low Unreviewed
CVE-2026-1485 was published Jan 27, 2026
sigstore CSRF possibility in OIDC authentication during signing Low
CVE-2026-24408 was published for sigstore (pip) Jan 26, 2026
jku
Credited to jku
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a... Low Unreviewed
CVE-2025-9521 was published Jan 26, 2026
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may... Low Unreviewed
CVE-2025-9615 was published Jan 26, 2026
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods Low
CVE-2026-1190 was published for org.keycloak:keycloak-services (Maven) Jan 26, 2026
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include... Low Unreviewed
CVE-2026-24439 was published Jan 26, 2026
Tanium addressed an improper input validation vulnerability in Discover. Low Unreviewed
CVE-2026-0925 was published Jan 26, 2026
Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector Low
CVE-2026-24656 was published for org.apache.karaf.decanter.collector:org.apache.karaf.decanter.collector.log.socket (Maven) Jan 26, 2026
A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability... Low Unreviewed
CVE-2026-1408 was published Jan 26, 2026
A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This... Low Unreviewed
CVE-2026-1409 was published Jan 26, 2026
A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an... Low Unreviewed
CVE-2026-1407 was published Jan 26, 2026
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for... Low Unreviewed
CVE-2026-0633 was published Jan 24, 2026
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler... Low Unreviewed
CVE-2026-24515 was published Jan 23, 2026
Gitea has improper access control for uploaded attachments Low
CVE-2026-20736 was published for code.gitea.io/gitea (Go) Jan 23, 2026
Gitea improperly exposes issue and pull request titles Low
CVE-2026-20800 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea improperly exposes issue titles and repository names through previously started stopwatches Low
CVE-2026-20883 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea may send release notification emails for private repositories to users whose access has been revoked Low
CVE-2026-0798 was published for code.gitea.io/gitea (Go) Jan 23, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database