GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
4,254 advisories
Filter by severity
A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a...
Low
Unreviewed
CVE-2026-0276
was published
Jul 9, 2026
A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally...
Low
Unreviewed
CVE-2026-0275
was published
Jul 9, 2026
The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in...
Moderate
Unreviewed
CVE-2026-14250
was published
Jul 8, 2026
The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,...
High
Unreviewed
CVE-2026-14482
was published
Jul 8, 2026
The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation...
High
Unreviewed
CVE-2026-9842
was published
Jul 8, 2026
FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2...
High
Unreviewed
CVE-2026-58583
was published
Jul 7, 2026
Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission
Moderate
CVE-2026-50201
was published
for
Steeltoe.Management.Endpoint
(NuGet)
Jul 2, 2026
OpenClaw: Same-host trusted-proxy deployments could accept local forged identity headers
High
GHSA-rggc-m335-3wvj
was published
for
openclaw
(npm)
Jul 2, 2026
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
High
Unreviewed
CVE-2026-13228
was published
Jul 1, 2026
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities...
High
Unreviewed
CVE-2026-12224
was published
Jul 1, 2026
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController:...
High
Unreviewed
CVE-2026-57995
was published
Jul 1, 2026
Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed...
Critical
Unreviewed
CVE-2026-14101
was published
Jul 1, 2026
Inappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0...
High
Unreviewed
CVE-2026-14124
was published
Jul 1, 2026
Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
Critical
CVE-2026-50566
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container
Moderate
CVE-2026-50565
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
Critical
CVE-2026-50564
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission Container Executor Function PodSpec Injection Leading to Node Escape
Critical
CVE-2026-50563
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
Critical
CVE-2026-50545
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission: MessageQueueTrigger scaler manager materializes Secret values into Deployment envvars and accepts arbitrary user PodSpec
High
GHSA-7m8x-qg2j-4m3v
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local...
High
Unreviewed
CVE-2025-7406
was published
Jun 30, 2026
Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container...
Critical
Unreviewed
CVE-2026-58053
was published
Jun 28, 2026
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
High
Unreviewed
CVE-2026-58054
was published
Jun 28, 2026
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing...
Critical
Unreviewed
CVE-2026-12415
was published
Jun 27, 2026
When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to...
Moderate
Unreviewed
CVE-2026-45256
was published
Jun 26, 2026
motionEye: LFI → pass‑the‑hash admin → unsafe restore → unauth action exec (RCE)
Critical
GHSA-qxvg-h7q2-hcxh
was published
for
motioneye
(pip)
Jun 23, 2026
ProTip!
Advisories are also available from the
GraphQL API