GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,049
Maven: 5,000+
npm: 4,787
NuGet: 825
pip: 4,384
Pub: 12
RubyGems: 988
Rust: 1,144
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
291,432 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical | Unreviewed | CVE-2026-3010 was published Feb 28, 2026
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows...
Critical | Unreviewed | CVE-2026-2844 was published Feb 28, 2026
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up...
High | Unreviewed | CVE-2026-2471 was published Feb 28, 2026
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL...
High | Unreviewed | CVE-2025-13673 was published Feb 28, 2026
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which...
Unknown | Unreviewed | CVE-2026-1542 was published Feb 28, 2026
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Unknown | Unreviewed | CVE-2026-2647 was published Feb 28, 2026
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability...
Critical | Unreviewed | CVE-2026-28517 was published Feb 28, 2026
openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability...
Critical | Unreviewed | CVE-2026-28515 was published Feb 28, 2026
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config...
Critical | Unreviewed | CVE-2026-28516 was published Feb 28, 2026
Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7...
Moderate | Unreviewed | CVE-2026-27759 was published Feb 28, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery...
Moderate | Unreviewed | CVE-2026-27758 was published Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication...
High | Unreviewed | CVE-2026-27757 was published Feb 27, 2026
Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an...
Low | Unreviewed | CVE-2026-22717 was published Feb 27, 2026
HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the...
Unknown | Unreviewed | CVE-2026-3255 was published Feb 27, 2026
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided...
Unknown | Unreviewed | CVE-2018-25160 was published Feb 27, 2026
Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an...
Moderate | Unreviewed | CVE-2026-22716 was published Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5...
Moderate | Unreviewed | CVE-2026-27754 was published Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site...
Moderate | Unreviewed | CVE-2026-27756 was published Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier...
Critical | Unreviewed | CVE-2026-27755 was published Feb 27, 2026
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication...
High | Unreviewed | CVE-2026-2293 was published Feb 27, 2026
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2019-25489 was published Feb 27, 2026
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers...
High | Unreviewed | CVE-2019-25497 was published Feb 27, 2026
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers...
High | Unreviewed | CVE-2019-25495 was published Feb 27, 2026
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2019-25492 was published Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass...
Moderate | Unreviewed | CVE-2026-27753 was published Feb 27, 2026
ProTip! Advisories are also available from the GraphQL API.