Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,471 advisories

Loading
Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in... High Unreviewed
CVE-2026-29126 was published Mar 5, 2026
IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local... High Unreviewed
CVE-2026-29125 was published Mar 5, 2026
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get... Moderate Unreviewed
CVE-2025-41712 was published Mar 10, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are... Moderate Unreviewed
CVE-2025-11790 was published Mar 6, 2026
Sensitive information disclosure due to improper configuration of a headless browser. The... Moderate Unreviewed
CVE-2026-28725 was published Mar 6, 2026
Credentials are not deleted from Acronis Agent after plan revocation. The following products are... Moderate Unreviewed
CVE-2025-30413 was published Mar 6, 2026
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check Critical
CVE-2026-29188 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 4, 2026
fg0x0 Credited to fg0x0 and hacdias hacdias hacdias
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded... Moderate Unreviewed
CVE-2025-70342 was published Mar 4, 2026
IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0... Moderate Unreviewed
CVE-2025-14604 was published Mar 3, 2026
AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to... High Unreviewed
CVE-2025-14979 was published Jan 6, 2026
iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged... High Unreviewed
CVE-2026-2637 was published Mar 3, 2026
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly... Critical Unreviewed
CVE-2026-21902 was published Feb 25, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26102 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26101 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26095 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... High Unreviewed
CVE-2026-26096 was published Feb 20, 2026
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File... Moderate Unreviewed
CVE-2026-26100 was published Feb 20, 2026
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers Credited to joshbressers
Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an... Moderate Unreviewed
CVE-2024-11176 was published Nov 20, 2024
Kata Container to Guest micro VM privilege escalation Moderate
CVE-2026-24834 was published for github.com/kata-containers/kata-containers/src/runtime (Go) Feb 19, 2026
kostya-oai Credited to kostya-oai, sprt, fidencio, and stevenhorsman sprt sprt
fidencio fidencio stevenhorsman stevenhorsman
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. Moderate Unreviewed
CVE-2026-1344 was published Feb 18, 2026
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system... High Unreviewed
CVE-2025-33088 was published Feb 18, 2026
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system... High Unreviewed
CVE-2026-23648 was published Feb 17, 2026
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to... High Unreviewed
CVE-2019-25343 was published Feb 12, 2026
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local... High Unreviewed
CVE-2019-25344 was published Feb 12, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database