GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,925
Maven: 5,000+
npm: 4,578
NuGet: 786
pip: 4,290
Pub: 12
RubyGems: 979
Rust: 1,112
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
25,859 advisories
FUXA Unauthenticated Remote Arbitrary Device Tag Write
Critical | GHSA-ggxw-g3cp-mgf8 was published for fuxa-server (npm) | Feb 5, 2026

FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
Critical | GHSA-88qh-cphv-996c was published for fuxa-server (npm) | Feb 5, 2026

FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Critical | GHSA-32cc-x95p-fxcg was published for fuxa-server (npm) | Feb 5, 2026

FUXA Unauthenticated Exposure of Plaintext Database Credentials
Critical | GHSA-c5gq-4h56-4mmx was published for fuxa-server (npm) | Feb 5, 2026

FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Critical | GHSA-vwcg-c828-9822 was published for fuxa-server (npm) | Feb 5, 2026

EVE Has Partially Predetermined Vault Key
Moderate | CVE-2023-43637 was published for github.com/lf-edge/eve (Go) | Feb 4, 2026

EVE Doesn't Protect Rootfs
Moderate | CVE-2023-43636 was published for github.com/lf-edge/eve/pkg/grub (Go) | Feb 4, 2026

EVE Seals Vault Key With SHA1 PCRs
Moderate | CVE-2023-43635 was published for github.com/lf-edge/eve (Go) | Feb 4, 2026

EVE Doesn't Protect Config Partition with Measured Boot
Moderate | CVE-2023-43634 was published for github.com/lf-edge/eve (Go) | Feb 4, 2026

EVE's Debug Functions Unlockable Without Triggering Measured Boot
Moderate | CVE-2023-43633 was published for github.com/lf-edge/eve (Go) | Feb 4, 2026

Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager
Low | CVE-2026-22254 was published for winter/wn-cms-module (Composer) | Feb 4, 2026

EVE Freely Allocates Buffer on The Stack With Data From Socket
Moderate | CVE-2023-43632 was published for github.com/lf-edge/eve (Go) | Feb 4, 2026

EVE: SSH as Root Unlockable Without Triggering Measured Boot
Moderate | CVE-2023-43631 was published for github.com/lf-edge/eve (Go) | Feb 4, 2026

EVE Doesn't Measure Config Partition From 2 Fronts
Moderate | CVE-2023-43630 was published for github.com/lf-edge/eve (Go) | Feb 4, 2026

git2 has potential undefined behavior when dereferencing Buf struct
Low | GHSA-j39j-6gw9-jw6h was published for git2 (Rust) | Feb 4, 2026

EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)
Critical | GHSA-74vm-8frp-7w68 was published for epyt-flow (pip) | Feb 4, 2026

n8n's domain allowlist bypass enables credential exfiltration
Moderate | GHSA-2xcx-75h9-vr9h was published for n8n (npm) | Feb 4, 2026

openmls has improper tag validation
High | GHSA-8x3w-qj7j-gqhf was published for openmls (Rust) | Feb 4, 2026

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Critical | CVE-2025-62878 was published for github.com/rancher/local-path-provisioner (Go) | Feb 4, 2026

survey-pdf Upgraded jsPDF Version Due to Security Vulnerability
Critical | GHSA-h3q6-jfrg-3x6q was published for survey-pdf (npm) | Feb 4, 2026

OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply
High | CVE-2026-25593 was published for openclaw (npm) | Feb 4, 2026

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
High | CVE-2026-25536 was published for @modelcontextprotocol/sdk (npm) | Feb 4, 2026

godot-mcp has Command Injection via unsanitized projectPath
High | CVE-2026-25546 was published for @coding-solo/godot-mcp (npm) | Feb 4, 2026

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
High | CVE-2026-25538 was published for github.com/devtron-labs/devtron (Go) | Feb 4, 2026
ProTip! Advisories are also available from the GraphQL API.