Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,957
Maven
5,000+
npm
4,607
NuGet
788
pip
4,307
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

119 advisories

Loading
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing... High Unreviewed
CVE-2025-47366 was published Feb 2, 2026
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution High
CVE-2026-22812 was published for opencode-ai (npm) Jan 13, 2026
CyberShadow
Credited to CyberShadow
Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools High
CVE-2025-9611 was published for @playwright/mcp (npm) Jan 7, 2026
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write High
CVE-2025-68697 was published for n8n (npm) Dec 26, 2025
berkdedekarginoglu
Credited to berkdedekarginoglu
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14497 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14496 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14495 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14494 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14491 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14492 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14488 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14493 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14490 was published Dec 24, 2025
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability.... High Unreviewed
CVE-2025-14489 was published Dec 24, 2025
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in... Moderate Unreviewed
CVE-2025-59788 was published Dec 4, 2025
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode High
CVE-2025-64443 was published for github.com/docker/mcp-gateway (Go) Dec 3, 2025
JLLeitschuh
Credited to JLLeitschuh
Memory corruption while processing request sent from GVM. High Unreviewed
CVE-2025-47353 was published Nov 4, 2025
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for... Moderate Unreviewed
CVE-2025-59403 was published Oct 2, 2025
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying... Critical Unreviewed
CVE-2025-53964 was published Jul 17, 2025
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an... High Unreviewed
CVE-2025-37097 was published Jul 1, 2025
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Credited to mtausig and hacdias
Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information... Moderate Unreviewed
CVE-2025-5823 was published Jun 26, 2025
WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability.... High Unreviewed
CVE-2025-5748 was published Jun 6, 2025
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
Credited to sapphi-red
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted ... Moderate Unreviewed
CVE-2025-48415 was published May 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database