GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,988 advisories
File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL
High. CVE-2026-25890 was published for github.com/filebrowser/filebrowser/v2 (Go) on Feb 10, 2026.

Harden-Runner: Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)
Moderate. CVE-2026-25598 was published for step-security/harden-runner (GitHub Actions) on Feb 9, 2026.

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due...
High, Unreviewed. CVE-2026-25859 was published on Feb 8, 2026.

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user...
High, Unreviewed. CVE-2026-25566 was published on Feb 8, 2026.

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API...
High, Unreviewed. CVE-2026-25565 was published on Feb 8, 2026.

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The...
High, Unreviewed. CVE-2026-25561 was published on Feb 8, 2026.

WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance...
High, Unreviewed. CVE-2026-25568 was published on Feb 8, 2026.

Gogs user can update repository content with read-only permission
Moderate. CVE-2026-23632 was published for gogs.io/gogs (Go) on Feb 6, 2026.

OpenFGA Improper Policy Enforcement
Moderate. CVE-2026-24851 was published for github.com/openfga/openfga (Go) on Feb 5, 2026.

Tanium addressed an improper access controls vulnerability in Reputation.
Moderate, Unreviewed. CVE-2025-15342 was published on Feb 5, 2026.

Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Low, Unreviewed. CVE-2025-15321 was published on Feb 5, 2026.

OpenCloud Reva has a Public Link Exploit
High. CVE-2026-23989 was published for github.com/opencloud-eu/reva/v2 (Go) on Feb 5, 2026.

Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior...
High, Unreviewed. CVE-2026-23572 was published on Feb 5, 2026.

Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing. This issue...
Moderate, Unreviewed. CVE-2026-1553 was published on Feb 4, 2026.

Moodle has an authorization logic flaw
Moderate. CVE-2025-67856 was published for moodle/moodle (Composer) on Feb 3, 2026.

IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to...
Moderate, Unreviewed. CVE-2025-15395 was published on Feb 2, 2026.

The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable...
Moderate, Unreviewed. CVE-2025-15525 was published on Jan 31, 2026.

Tanium addressed an improper access controls vulnerability in Tanium Server.
Moderate, Unreviewed. CVE-2025-15322 was published on Jan 30, 2026.

Tanium addressed an improper access controls vulnerability in Interact.
Low, Unreviewed. CVE-2025-15288 was published on Jan 29, 2026.

AutoGPT is Vulnerable to RCE via Disabled Block Execution
High. CVE-2026-24780 was published for agpt (pip) on Jan 29, 2026.

Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing. This issue...
Unknown, Unreviewed. CVE-2025-13985 was published on Jan 28, 2026.

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to...
High, Unreviewed. CVE-2020-36969 was published on Jan 28, 2026.

Official Document Management System developed by 2100 Technology has an Incorrect Authorization...
High, Unreviewed. CVE-2026-1514 was published on Jan 28, 2026.

Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Moderate. CVE-2026-24748 was published for github.com/akuity/kargo (Go) on Jan 27, 2026.

VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote...
High, Unreviewed. CVE-2020-36948 was published on Jan 27, 2026.