GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,938 advisories

EVE Doesn't Protect Rootfs Moderate
CVE-2023-43636 was published for github.com/lf-edge/eve/pkg/grub (Go) Feb 4, 2026
EVE Seals Vault Key With SHA1 PCRs Moderate
CVE-2023-43635 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Doesn't Protect Config Partition with Measured Boot Moderate
CVE-2023-43634 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE's Debug Functions Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43633 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager Low
CVE-2026-22254 was published for winter/wn-cms-module (Composer) Feb 4, 2026
Credited to iamunixtz
EVE Freely Allocates Buffer on The Stack With Data From Socket Moderate
CVE-2023-43632 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE: SSH as Root Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43631 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Doesn't Measure Config Partition From 2 Fronts Moderate
CVE-2023-43630 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
git2 has potential undefined behavior when dereferencing Buf struct Low
GHSA-j39j-6gw9-jw6h was published for git2 (Rust) Feb 4, 2026
EPyT-Flow vulnerable to unsafe JSON deserialization (__type__) Critical
CVE-2026-25632 was published for epyt-flow (pip) Feb 4, 2026
Credited to syphonetic
n8n's domain allowlist bypass enables credential exfiltration Moderate
CVE-2026-25631 was published for n8n (npm) Feb 4, 2026
Credited to weblover12
openmls has improper tag validation High
GHSA-8x3w-qj7j-gqhf was published for openmls (Rust) Feb 4, 2026
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern Critical
CVE-2025-62878 was published for github.com/rancher/local-path-provisioner (Go) Feb 4, 2026
survey-pdf Upgraded jsPDF Version Due to Security Vulnerability Critical
CVE-2026-25630 was published for survey-pdf (npm) Feb 4, 2026
OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply High
CVE-2026-25593 was published for openclaw (npm) Feb 4, 2026
Credited to hackerman70000
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse High
CVE-2026-25536 was published for @modelcontextprotocol/sdk (npm) Feb 4, 2026
Credited to gh-arpeet and ahabian
godot-mcp has Command Injection via unsanitized projectPath High
CVE-2026-25546 was published for @coding-solo/godot-mcp (npm) Feb 4, 2026
Credited to wcole3 and Coding-Solo
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage High
CVE-2026-25538 was published for github.com/devtron-labs/devtron (Go) Feb 4, 2026
Credited to b0b0haha, spingARbor, and lixingquzhi
n8n has a Python sandbox escape Critical
CVE-2026-25115 was published for n8n (npm) Feb 4, 2026
Credited to MarcoPoloPie and c0rydoras
n8n Merge Node has Arbitrary File Write leading to RCE Critical
CVE-2026-25056 was published for n8n (npm) Feb 4, 2026
Credited to nlgbao1340
n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node High
CVE-2026-25055 was published for n8n (npm) Feb 4, 2026
Credited to nkoorty and jjjutla
n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI High
CVE-2026-25054 was published for n8n (npm) Feb 4, 2026
Credited to MyLong
OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction Moderate
CVE-2026-25475 was published for openclaw (npm) Feb 4, 2026
Credited to jasonsutter87 and evanotero
Alist vulnerable to Path Traversal in multiple file operation handlers High
CVE-2026-25161 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
Credited to XlabAITeam, A7um, and okatu-loli
Alist has Insecure TLS Config Critical
CVE-2026-25160 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
Credited to XlabAITeam, A7um, and okatu-loli