GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,043
Maven: 5,000+
npm: 4,781
NuGet: 825
pip: 4,382
Pub: 12
RubyGems: 987
Rust: 1,143
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
291,421 advisories
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers...
High
Unreviewed
CVE-2019-25496
was published
Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials...
Critical
Unreviewed
CVE-2026-27751
was published
Feb 27, 2026
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that...
High
Unreviewed
CVE-2019-25494
was published
Feb 27, 2026
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to...
High
Unreviewed
CVE-2019-25490
was published
Feb 27, 2026
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication...
High
Unreviewed
CVE-2026-2293
was published
Feb 27, 2026
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to...
High
Unreviewed
CVE-2019-25489
was published
Feb 27, 2026
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers...
High
Unreviewed
CVE-2019-25497
was published
Feb 27, 2026
PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain...
Unknown
Unreviewed
CVE-2025-69437
was published
Feb 27, 2026
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS...
Unknown
Unreviewed
CVE-2026-26862
was published
Feb 27, 2026
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers...
High
Unreviewed
CVE-2019-25495
was published
Feb 27, 2026
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High
Unreviewed
CVE-2019-25492
was published
Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass...
Moderate
Unreviewed
CVE-2026-27753
was published
Feb 27, 2026
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High
Unreviewed
CVE-2019-25493
was published
Feb 27, 2026
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via...
Unknown
Unreviewed
CVE-2026-26861
was published
Feb 27, 2026
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to...
High
Unreviewed
CVE-2019-25491
was published
Feb 27, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials...
High
Unreviewed
CVE-2026-27752
was published
Feb 27, 2026
Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket...
Critical
Unreviewed
CVE-2026-2749
was published
Feb 27, 2026
The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3...
Unknown
Unreviewed
CVE-2026-3277
was published
Feb 27, 2026
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on...
Critical
Unreviewed
CVE-2026-2750
was published
Feb 27, 2026
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a...
Moderate
Unreviewed
CVE-2026-3327
was published
Feb 27, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2025-11950
was published
Feb 27, 2026
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google...
High
Unreviewed
CVE-2026-3223
was published
Feb 27, 2026
Pro3W CMS is vulnerable to SQL injection attacks. Improper neutralization of input provided into...
Critical
Unreviewed
CVE-2025-15498
was published
Feb 27, 2026
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in...
High
Unreviewed
CVE-2026-2751
was published
Feb 27, 2026
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex)...
High
Unreviewed
CVE-2025-10990
was published
Feb 27, 2026
ProTip! Advisories are also available from the GraphQL API