GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,800
Maven: 5,000+
npm: 4,426
NuGet: 773
pip: 4,199
Pub: 12
RubyGems: 968
Rust: 1,086
Swift: 47
Unreviewed advisories
All unreviewed: 5,000+
116,815 advisories
A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this...
High | Unreviewed | CVE-2026-0840 was published on Jan 11, 2026
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function...
High | Unreviewed | CVE-2026-0841 was published on Jan 11, 2026
A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of...
High | Unreviewed | CVE-2026-0839 was published on Jan 11, 2026
A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of...
High | Unreviewed | CVE-2026-0837 was published on Jan 11, 2026
A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function...
High | Unreviewed | CVE-2026-0836 was published on Jan 11, 2026
A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy...
High | Unreviewed | CVE-2026-0838 was published on Jan 11, 2026
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
High | Unreviewed | CVE-2025-13457 was published on Jan 10, 2026
A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8...
High | Unreviewed | CVE-2025-15501 was published on Jan 10, 2026
A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8...
High | Unreviewed | CVE-2025-15499 was published on Jan 10, 2026
A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8....
High | Unreviewed | CVE-2025-15500 was published on Jan 10, 2026
SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
High | CVE-2026-22699 was published for sm2 (Rust) on Jan 9, 2026
Fickling vulnerable to detection bypass due to "builtins" blindness
High | CVE-2026-22612 was published for fickling (pip) on Jan 9, 2026
SM2-PKE has 32-bit Biased Nonce Vulnerability
High | CVE-2026-22698 was published for sm2 (Rust) on Jan 9, 2026
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an...
High | Unreviewed | CVE-2025-67070 was published on Jan 9, 2026
Processing specially crafted workspace folder names could allow for arbitrary command injection...
High | Unreviewed | CVE-2026-0830 was published on Jan 9, 2026
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
High | CVE-2026-22609 was published for fickling (pip) on Jan 9, 2026
Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
High | CVE-2026-22608 was published for fickling (pip) on Jan 9, 2026
Fickling Blocklist Bypass: cProfile.run()
High | CVE-2026-22607 was published for fickling (pip) on Jan 9, 2026
Fickling has a bypass via runpy.run_path() and runpy.run_module()
High | CVE-2026-22606 was published for fickling (pip) on Jan 9, 2026
jose-swift has JWT Signature Verification Bypass via None Algorithm
High | GHSA-88q6-jcjg-hvmw was published for github.com/beatt83/jose-swift (Swift) on Jan 9, 2026
WeKnora vulnerable to SQL Injection
High | CVE-2026-22687 was published for github.com/Tencent/WeKnora (Go) on Jan 9, 2026
Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
High | CVE-2026-22610 was published for @angular/compiler (npm) on Jan 9, 2026
GestSup versions up to and including 3.2.56 contain a SQL injection vulnerability in the search...
High | Unreviewed | CVE-2026-22195 was published on Jan 9, 2026
GestSup versions up to and including 3.2.56 contain a cross-site request forgery (CSRF)...
High | Unreviewed | CVE-2026-22194 was published on Jan 9, 2026
GestSup versions up to and including 3.2.56 contain multiple SQL injection vulnerabilities in the...
High | Unreviewed | CVE-2026-22197 was published on Jan 9, 2026
ProTip! Advisories are also available from the GraphQL API.