
GitHub Advisory Database

Security vulnerability database that includes CVEs and GitHub-originated security advisories from the world of open source software.

27,998 advisories

Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager (Low)
CVE-2026-22254 was published for winter/wn-cms-module (Composer) Feb 4, 2026
Credited to iamunixtz

EVE Freely Allocates Buffer on The Stack With Data From Socket (Moderate)
CVE-2023-43632 was published for github.com/lf-edge/eve (Go) Feb 4, 2026

EVE: SSH as Root Unlockable Without Triggering Measured Boot (Moderate)
CVE-2023-43631 was published for github.com/lf-edge/eve (Go) Feb 4, 2026

EVE Doesn't Measure Config Partition From 2 Fronts (Moderate)
CVE-2023-43630 was published for github.com/lf-edge/eve (Go) Feb 4, 2026

git2 has potential undefined behavior when dereferencing Buf struct (Low)
GHSA-j39j-6gw9-jw6h was published for git2 (Rust) Feb 4, 2026

EPyT-Flow vulnerable to unsafe JSON deserialization (__type__) (Critical)
CVE-2026-25632 was published for epyt-flow (pip) Feb 4, 2026
Credited to syphonetic

n8n's domain allowlist bypass enables credential exfiltration (Moderate)
CVE-2026-25631 was published for n8n (npm) Feb 4, 2026
Credited to weblover12

openmls has improper tag validation (High)
GHSA-8x3w-qj7j-gqhf was published for openmls (Rust) Feb 4, 2026

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern (Critical)
CVE-2025-62878 was published for github.com/rancher/local-path-provisioner (Go) Feb 4, 2026

survey-pdf Upgraded jsPDF Version Due to Security Vulnerability (Critical)
CVE-2026-25630 was published for survey-pdf (npm) Feb 4, 2026

OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply (High)
CVE-2026-25593 was published for openclaw (npm) Feb 4, 2026
Credited to hackerman70000

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse (High)
CVE-2026-25536 was published for @modelcontextprotocol/sdk (npm) Feb 4, 2026
Credited to gh-arpeet and ahabian

godot-mcp has Command Injection via unsanitized projectPath (High)
CVE-2026-25546 was published for @coding-solo/godot-mcp (npm) Feb 4, 2026
Credited to TianYu-0829, wcole3, and Coding-Solo

Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage (High)
CVE-2026-25538 was published for github.com/devtron-labs/devtron (Go) Feb 4, 2026
Credited to b0b0haha, spingARbor, and lixingquzhi

n8n has a Python sandbox escape (Critical)
CVE-2026-25115 was published for n8n (npm) Feb 4, 2026
Credited to MarcoPoloPie and c0rydoras

n8n Merge Node has Arbitrary File Write leading to RCE (Critical)
CVE-2026-25056 was published for n8n (npm) Feb 4, 2026
Credited to nlgbao1340

n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node (High)
CVE-2026-25055 was published for n8n (npm) Feb 4, 2026
Credited to nkoorty and jjjutla

n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI (High)
CVE-2026-25054 was published for n8n (npm) Feb 4, 2026
Credited to MyLong

OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction (Moderate)
CVE-2026-25475 was published for openclaw (npm) Feb 4, 2026
Credited to jasonsutter87 and evanotero

Alist vulnerable to Path Traversal in multiple file operation handlers (High)
CVE-2026-25161 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
Credited to XlabAITeam, A7um, and okatu-loli

Alist has Insecure TLS Config (Critical)
CVE-2026-25160 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
Credited to XlabAITeam, A7um, and okatu-loli

n8n has OS Command Injection in Git Node (Critical)
CVE-2026-25053 was published for n8n (npm) Feb 4, 2026
Credited to fatihhcelik, simonkoeck, and yadhukrishnam

n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users (Critical)
CVE-2026-25052 was published for n8n (npm) Feb 4, 2026
Credited to theolelasseux

n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS (High)
CVE-2026-25051 was published for n8n (npm) Feb 4, 2026
Credited to weblover12

n8n Has Expression Escape Vulnerability Leading to RCE (Critical)
CVE-2026-25049 was published for n8n (npm) Feb 4, 2026
Credited to fatihhcelik, eilonc-pillar, cristianstaicu, sandeepl337, nickcopi, joshft, yadhukrishnam, doyler, zolbooo, and nnfrog
Advisories are also available from the GitHub GraphQL API.
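The listing above is what a practitioner would normally consume by script rather than by browsing: pull the most recently published advisories over GraphQL and cross-reference them against the packages a project actually depends on. The following is an added example, not code from GitHub or from any project named on this page. The query shape (`securityAdvisories` ordered by `PUBLISHED_AT`, with `ghsaId`, `identifiers`, `severity` and per-package `vulnerabilities` including `vulnerableVersionRange` and `firstPatchedVersion`) follows the GitHub GraphQL schema as I know it and is not confirmed by this page; the sample response, its `GHSA-0000-…` / `CVE-0000-…` identifiers, package names and version ranges are constructed placeholders, not real advisory data; and the version-range check is a deliberately simplified comparator that ignores SemVer pre-release ordering.

```python
"""Fetch recent GitHub security advisories via GraphQL and match them against
a dependency list.  Added example; the GraphQL field names follow the GitHub
schema as the author knows it, and SAMPLE_RESPONSE is a constructed placeholder
(not a real advisory) so the pipeline can be exercised offline."""
import json
import os
import re
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"


def build_query(first: int = 20) -> str:
    """GraphQL query for the `first` most recently published advisories."""
    return f"""
query {{
  securityAdvisories(first: {first}, orderBy: {{field: PUBLISHED_AT, direction: DESC}}) {{
    nodes {{
      ghsaId
      summary
      severity
      publishedAt
      identifiers {{ type value }}
      vulnerabilities(first: 10) {{
        nodes {{
          package {{ ecosystem name }}
          vulnerableVersionRange
          firstPatchedVersion {{ identifier }}
        }}
      }}
    }}
  }}
}}"""


def fetch_advisories(token: str, first: int = 20) -> dict:
    """POST the query with a personal access token; needs network access."""
    body = json.dumps({"query": build_query(first)}).encode()
    req = urllib.request.Request(
        GRAPHQL_URL, data=body,
        headers={"Authorization": f"bearer {token}",
                 "Content-Type": "application/json",
                 "User-Agent": "advisory-check-example"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def parse_advisories(response: dict) -> list:
    """Flatten the response into one row per (advisory, affected package)."""
    rows = []
    for adv in response["data"]["securityAdvisories"]["nodes"]:
        cve = next((i["value"] for i in adv["identifiers"] if i["type"] == "CVE"), None)
        for vuln in adv["vulnerabilities"]["nodes"]:
            patched = (vuln.get("firstPatchedVersion") or {}).get("identifier")
            rows.append({
                "ghsa_id": adv["ghsaId"], "cve": cve, "severity": adv["severity"],
                "summary": adv["summary"], "published": adv["publishedAt"],
                "ecosystem": vuln["package"]["ecosystem"],  # enum, e.g. NPM, GO, PIP
                "package": vuln["package"]["name"],
                "range": vuln["vulnerableVersionRange"], "patched": patched})
    return rows


def _vtuple(version: str, width: int) -> tuple:
    """Numeric dotted version, zero-padded; pre-release/build tags are dropped
    (simplification: '2.0.0-rc1' is treated as 2.0.0)."""
    core = version.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) if p.isdigit() else 0 for p in core.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def version_in_range(version: str, range_expr: str) -> bool:
    """Evaluate a comma-separated range such as '>= 1.0.0, < 1.6.0'."""
    for clause in range_expr.split(","):
        m = re.fullmatch(r"\s*(>=|<=|>|<|=)\s*(\S+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported range clause: {clause!r}")
        op, bound = m.groups()
        width = max(len(version.split(".")), len(bound.split(".")))
        a, b = _vtuple(version, width), _vtuple(bound, width)
        ok = {">=": a >= b, "<=": a <= b, ">": a > b, "<": a < b, "=": a == b}[op]
        if not ok:
            return False
    return True


def match_dependencies(rows: list, deps: dict) -> list:
    """deps maps (ECOSYSTEM, package-name) -> installed version; returns the
    advisory rows whose range covers the installed version."""
    return [r for r in rows
            if (r["ecosystem"], r["package"]) in deps
            and version_in_range(deps[(r["ecosystem"], r["package"])], r["range"])]


# Constructed placeholder response; identifiers, packages and ranges are fictional.
SAMPLE_RESPONSE = {"data": {"securityAdvisories": {"nodes": [
    {"ghsaId": "GHSA-0000-0000-0001", "summary": "example-widget has OS command injection",
     "severity": "CRITICAL", "publishedAt": "2026-02-04T00:00:00Z",
     "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0001"},
                     {"type": "CVE", "value": "CVE-0000-00001"}],
     "vulnerabilities": {"nodes": [
         {"package": {"ecosystem": "NPM", "name": "example-widget"},
          "vulnerableVersionRange": "< 2.4.0", "firstPatchedVersion": {"identifier": "2.4.0"}}]}},
    {"ghsaId": "GHSA-0000-0000-0002", "summary": "example-store path traversal",
     "severity": "HIGH", "publishedAt": "2026-02-04T00:00:00Z",
     "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0002"}],
     "vulnerabilities": {"nodes": [
         {"package": {"ecosystem": "GO", "name": "github.com/example/store"},
          "vulnerableVersionRange": ">= 1.0.0, < 1.6.0", "firstPatchedVersion": {"identifier": "1.6.0"}},
         {"package": {"ecosystem": "GO", "name": "github.com/example/store/v2"},
          "vulnerableVersionRange": "< 2.0.3", "firstPatchedVersion": None}]}},
]}}}

# Hypothetical dependency inventory in the same (ECOSYSTEM, name) -> version shape.
SAMPLE_DEPS = {("NPM", "example-widget"): "2.3.9",
               ("GO", "github.com/example/store"): "1.6.0",
               ("GO", "github.com/example/store/v2"): "2.0.1"}

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    data = fetch_advisories(token) if token else SAMPLE_RESPONSE
    for hit in match_dependencies(parse_advisories(data), SAMPLE_DEPS):
        print(f"{hit['severity']:<8} {hit['ghsa_id']} {hit['cve'] or '-':<16} "
              f"{hit['ecosystem']}/{hit['package']} {hit['range']} "
              f"(fix: {hit['patched'] or 'none'})")
```

Without `GITHUB_TOKEN` set, the script runs against the constructed sample; with it, the same parser and matcher run over the live feed. The comparator handles the `<`, `<=`, `>`, `>=`, `=` clauses that advisory ranges use, but drops pre-release tags, so treat a match on a `-rc` or `-beta` version as a prompt to read the advisory rather than a verdict.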