GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,938 advisories

JinJava Bypass through ForTag leads to Arbitrary Java Execution Critical
CVE-2026-25526 was published for com.hubspot.jinjava:jinjava (Maven) Feb 3, 2026
Credited to twilliamson-an, akues-an, and jasmith-hs
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write Critical
CVE-2025-64712 was published for unstructured (pip) Feb 3, 2026
Compressing Vulnerable to Arbitrary File Write via Symlink Extraction High
CVE-2026-24884 was published for compressing (npm) Feb 3, 2026
Credited to Heeqw
RustFS Logs Sensitive Credentials in Plaintext Moderate
CVE-2026-24762 was published for rustfs (Rust) Feb 3, 2026
Credited to cchheang
RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers High
CVE-2026-21862 was published for rustfs (Rust) Feb 3, 2026
Credited to max-r-b and enitmar
Decidim's private data exports can lead to data leaks High
CVE-2025-65017 was published for decidim (RubyGems) Feb 3, 2026
Credited to ahukkanen
Django has an SQL Injection issue High
CVE-2026-1287 was published for Django (pip) Feb 3, 2026
Django has an SQL Injection issue High
CVE-2026-1312 was published for Django (pip) Feb 3, 2026
Django has Observable Timing Discrepancy Low
CVE-2025-13473 was published for Django (pip) Feb 3, 2026
Django has an SQL Injection issue High
CVE-2026-1207 was published for Django (pip) Feb 3, 2026
Django has Inefficient Algorithmic Complexity Low
CVE-2026-1285 was published for Django (pip) Feb 3, 2026
Django has Inefficient Algorithmic Complexity Low
CVE-2025-14550 was published for Django (pip) Feb 3, 2026
Moodle vulnerable to Cross-site Scripting Moderate
CVE-2025-67855 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle Inserts Sensitive Information Into Sent Data Moderate
CVE-2025-67857 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle Open Redirect vulnerability Low
CVE-2025-67852 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle has an authorization logic flaw Moderate
CVE-2025-67856 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle Affected by Improper Restriction of Excessive Authentication Attempts High
CVE-2025-67853 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle Cross-site Scripting (XSS) vulnerability High
CVE-2025-67849 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle formula injection vulnerability Moderate
CVE-2025-67851 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle vulnerable to Cross-site Scripting High
CVE-2025-67850 was published for moodle/moodle (Composer) Feb 3, 2026
Moodle authentication bypass vulnerability High
CVE-2025-67848 was published for moodle/moodle (Composer) Feb 3, 2026
Subrion CMS vulnerable to cross-site scripting Moderate
CVE-2025-70958 was published for intelliants/subrion (Composer) Feb 3, 2026
OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand High
CVE-2026-25157 was published for clawdbot (npm) Feb 2, 2026
Credited to koko9xxx
OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl High
CVE-2026-25253 was published for clawdbot (npm) Feb 2, 2026
Credited to DepthFirstDisclosures, 0xacb, and mavlevin
Credited to berkdedekarginoglu