GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,890 advisories
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation...
Critical (Unreviewed): CVE-2025-14533 was published Jan 20, 2026
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions...
Critical (Unreviewed): CVE-2025-15403 was published Jan 17, 2026
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates...
Moderate (Unreviewed): CVE-2026-21223 was published Jan 17, 2026
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a...
High (Unreviewed): CVE-2025-67246 was published Jan 15, 2026
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs....
Critical (Unreviewed): CVE-2026-22238 was published Jan 14, 2026
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray...
High (Unreviewed): CVE-2025-36640 was published Jan 13, 2026
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in...
Critical (Unreviewed): CVE-2025-14736 was published Jan 9, 2026
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products....
Moderate (Unreviewed): CVE-2025-66315 was published Jan 9, 2026
RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting
Moderate: CVE-2026-22043 was published for rustfs (Rust) Jan 8, 2026
The absence of permissions control for the user XXX allows the current configuration in the...
High (Unreviewed): CVE-2026-22536 was published Jan 7, 2026
Apache StreamPipes has Improper Privilege Management issue
Moderate: CVE-2025-47411 was published for org.apache.streampipes:streampipes-parent (Maven) Jan 1, 2026
theshit vulnerable to unsafe loading of user-owned Python rules when running as root
High: CVE-2025-69257 was published for theshit (Rust) Dec 30, 2025
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
High: CVE-2025-68697 was published for n8n (npm) Dec 26, 2025
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control...
Moderate (Unreviewed): CVE-2025-52599 was published Dec 26, 2025
ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this...
Low (Unreviewed): CVE-2025-57840 was published Dec 24, 2025
An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE)...
High (Unreviewed): CVE-2025-67826 was published Dec 22, 2025
The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions...
Critical (Unreviewed): CVE-2025-13619 was published Dec 20, 2025
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper...
Moderate (Unreviewed): CVE-2025-66173 was published Dec 19, 2025
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to...
High (Unreviewed): CVE-2023-53908 was published Dec 18, 2025
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1...
High (Unreviewed): CVE-2025-67792 was published Dec 17, 2025
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25...
Critical (Unreviewed): CVE-2025-67793 was published Dec 17, 2025
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1...
Critical (Unreviewed): CVE-2025-67781 was published Dec 17, 2025
The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode...
Moderate (Unreviewed): CVE-2025-14817 was published Dec 17, 2025
An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to...
High (Unreviewed): CVE-2025-14252 was published Dec 16, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3,...
High (Unreviewed): CVE-2025-43512 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API.