GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,910 advisories
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate...
High
Unreviewed
CVE-2026-21533 was published Feb 10, 2026
Craft CMS: GraphQL Asset Mutation Privilege Escalation
High
CVE-2026-25497 was published for craftcms/cms (Composer) Feb 9, 2026
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all...
Critical
Unreviewed
CVE-2025-15027 was published Feb 8, 2026
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all...
High
Unreviewed
CVE-2025-15100 was published Feb 8, 2026
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component...
High
Unreviewed
CVE-2025-69875 was published Feb 3, 2026
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset...
Critical
Unreviewed
CVE-2025-15030 was published Feb 2, 2026
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.
High
Unreviewed
CVE-2025-13176 was published Jan 30, 2026
Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access...
Moderate
Unreviewed
CVE-2025-6723 was published Jan 30, 2026
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password...
High
Unreviewed
CVE-2025-14975 was published Jan 29, 2026
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be...
Moderate
Unreviewed
CVE-2025-13918 was published Jan 28, 2026
WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is...
High
Unreviewed
CVE-2025-13917 was published Jan 28, 2026
Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
Critical
CVE-2026-22039 was published for github.com/kyverno/kyverno (Go) Jan 27, 2026
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System...
High
Unreviewed
CVE-2025-59094 was published Jan 26, 2026
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User...
Critical
Unreviewed
CVE-2026-0920 was published Jan 22, 2026
Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims
Moderate
CVE-2026-23990 was published for github.com/controlplaneio-fluxcd/flux-operator (Go) Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate
Unreviewed
CVE-2026-21981 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High
Unreviewed
CVE-2026-21957 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate
Unreviewed
CVE-2026-21963 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High
Unreviewed
CVE-2026-21983 was published Jan 21, 2026
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation...
Critical
Unreviewed
CVE-2025-14533 was published Jan 20, 2026
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions...
Critical
Unreviewed
CVE-2025-15403 was published Jan 17, 2026
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates...
Moderate
Unreviewed
CVE-2026-21223 was published Jan 17, 2026
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a...
High
Unreviewed
CVE-2025-67246 was published Jan 15, 2026
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs....
Critical
Unreviewed
CVE-2026-22238 was published Jan 14, 2026
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray...
High
Unreviewed
CVE-2025-36640 was published Jan 13, 2026