GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
420 advisories
Filter by severity
repomix contains a local file inclusion vulnerability in the git clone endpoint that allows...
High
Unreviewed
CVE-2026-59703
was published
Jul 8, 2026
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user...
High
Unreviewed
CVE-2025-66389
was published
Jun 22, 2026
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+
cameras may allow a...
Critical
Unreviewed
CVE-2026-40624
was published
Jun 19, 2026
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus.
This issue...
High
Unreviewed
CVE-2025-14771
was published
Jun 3, 2026
The administrator account for the
Danelec MacGregor Voyage Data Recorder
web interface can...
Moderate
Unreviewed
CVE-2026-40425
was published
May 29, 2026
IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a...
High
Unreviewed
CVE-2024-56462
was published
May 27, 2026
Files or directories accessible to external parties vulnerability in redis-server component in...
Moderate
Unreviewed
CVE-2024-11399
was published
May 27, 2026
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF)...
Moderate
Unreviewed
CVE-2026-40564
was published
May 26, 2026
Algernon: handler.lua discovery walks parent directories above the server root
Critical
CVE-2026-45721
was published
for
github.com/xyproto/algernon
(Go)
May 19, 2026
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
Unknown
Unreviewed
CVE-2026-8704
was published
May 16, 2026
Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/
Moderate
GHSA-g39v-cvjh-8fpf
was published
for
ha-mcp
(pip)
May 14, 2026
Grafana: SQL Expressions Read File From Disk
Moderate
CVE-2026-33380
was published
for
github.com/grafana/grafana
(Go)
May 13, 2026
An authenticated attacker with the Resource Administrator or Administrator role can modify...
High
Unreviewed
CVE-2026-40631
was published
May 13, 2026
A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource...
Moderate
Unreviewed
CVE-2026-42063
was published
May 13, 2026
Files or directories accessible to external parties in Microsoft Office Word allows an...
Moderate
Unreviewed
CVE-2026-35440
was published
May 12, 2026
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized...
Moderate
Unreviewed
CVE-2026-32185
was published
May 12, 2026
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion...
Critical
Unreviewed
CVE-2026-31216
was published
May 12, 2026
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion...
Critical
Unreviewed
CVE-2026-31215
was published
May 12, 2026
Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
High
CVE-2026-45088
was published
for
github.com/hahwul/dalfox/v2
(Go)
May 12, 2026
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15...
High
Unreviewed
CVE-2026-39871
was published
May 11, 2026
pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities
High
CVE-2026-7817
was published
for
pgadmin4
(pip)
May 11, 2026
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Moderate
GHSA-cqmh-pcgr-q42f
was published
for
@axonflow/openclaw
(npm)
May 6, 2026
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly...
Moderate
Unreviewed
CVE-2026-5335
was published
May 4, 2026
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its...
High
Unreviewed
CVE-2025-7389
was published
Apr 14, 2026
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the...
Critical
Unreviewed
CVE-2019-25709
was published
Apr 12, 2026
ProTip!
Advisories are also available from the
GraphQL API