GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
72 advisories
Filter by severity
The Electron preload script in Logseq exposes an API method that allows the renderer process to...
High
Unreviewed
CVE-2026-47899
was published
Jun 9, 2026
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package...
High
Unreviewed
CVE-2025-14713
was published
May 27, 2026
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with...
High
Unreviewed
CVE-2026-4051
was published
May 26, 2026
PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE
High
CVE-2026-45805
was published
for
@penpot/mcp
(npm)
May 19, 2026
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and...
High
Unreviewed
CVE-2026-33583
was published
May 13, 2026
Nautobot: GitRepository.current_head field should not be writable through REST API
High
CVE-2026-44798
was published
for
nautobot
(pip)
May 13, 2026
The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write...
High
Unreviewed
CVE-2026-8108
was published
May 13, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9,...
High
Unreviewed
CVE-2026-5173
was published
Apr 9, 2026
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated...
High
Unreviewed
CVE-2026-3483
was published
Mar 10, 2026
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This...
High
Unreviewed
CVE-2026-20423
was published
Mar 2, 2026
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing...
High
Unreviewed
CVE-2025-47366
was published
Feb 2, 2026
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution
High
CVE-2026-22812
was published
for
opencode-ai
(npm)
Jan 13, 2026
Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools
High
CVE-2025-9611
was published
for
@playwright/mcp
(npm)
Jan 7, 2026
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
High
CVE-2025-68697
was published
for
n8n
(npm)
Dec 26, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14494
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14497
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14496
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14495
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14491
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14493
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14488
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14492
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14490
was published
Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2025-14489
was published
Dec 24, 2025
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode
High
CVE-2025-64443
was published
for
github.com/docker/mcp-gateway
(Go)
Dec 3, 2025
ProTip!
Advisories are also available from the
GraphQL API