GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
119,550 advisories

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
High | CVE-2026-27946 was published for github.com/zitadel/zitadel (Go) | Feb 27, 2026

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
High | CVE-2026-27836 was published for thorsten/phpmyfaq (Composer) | Feb 27, 2026

Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
High | CVE-2026-27449 was published for Umbraco.Engage.Forms (NuGet) | Feb 27, 2026

Angular i18n vulnerable to Cross-Site Scripting
High | CVE-2026-27970 was published for @angular/core (npm) | Feb 27, 2026

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers...
High | Unreviewed | CVE-2019-25496 was published Feb 27, 2026

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that...
High | Unreviewed | CVE-2019-25494 was published Feb 27, 2026

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2019-25490 was published Feb 27, 2026

A NestJS application using @nestjs/platform-fastify can allow bypass of authentication...
High | Unreviewed | CVE-2026-2293 was published Feb 27, 2026

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2019-25489 was published Feb 27, 2026

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers...
High | Unreviewed | CVE-2019-25497 was published Feb 27, 2026

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers...
High | Unreviewed | CVE-2019-25495 was published Feb 27, 2026

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2019-25492 was published Feb 27, 2026

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2019-25493 was published Feb 27, 2026

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High | Unreviewed | CVE-2019-25491 was published Feb 27, 2026

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials...
High | Unreviewed | CVE-2026-27752 was published Feb 27, 2026

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google...
High | Unreviewed | CVE-2026-3223 was published Feb 27, 2026

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in...
High | Unreviewed | CVE-2026-2751 was published Feb 27, 2026

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex)...
High | Unreviewed | CVE-2025-10990 was published Feb 27, 2026

Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI...
High | Unreviewed | CVE-2026-21659 was published Feb 27, 2026

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue....
High | Unreviewed | CVE-2026-27776 was published Feb 27, 2026

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component...
High | Unreviewed | CVE-2026-0980 was published Feb 27, 2026

The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some...
High | Unreviewed | CVE-2025-15509 was published Feb 27, 2026

An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request...
High | Unreviewed | CVE-2026-2252 was published Feb 27, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick...
High | Unreviewed | CVE-2026-21656 was published Feb 27, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick...
High | Unreviewed | CVE-2026-21657 was published Feb 27, 2026

ProTip! Advisories are also available from the GraphQL API