Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

5,300 advisories

Loading
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3... Critical Unreviewed
CVE-2026-8931 was published Jun 1, 2026
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334 High
CVE-2026-47398 was published for PraisonAI (pip) May 29, 2026
SnailSploit Credited to SnailSploit
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection Critical
CVE-2026-8838 was published for redshift-connector (pip) May 29, 2026
0bi0 Credited to 0bi0
axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge High
CVE-2026-44495 was published for axios (npm) May 29, 2026
August829 Credited to August829
Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote... High Unreviewed
CVE-2026-9976 was published May 29, 2026
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote... High Unreviewed
CVE-2026-9938 was published May 29, 2026
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI) High
CVE-2026-46439 was published for compliance-trestle (pip) May 28, 2026
l3tchupkt Credited to l3tchupkt
Insufficient character filtering in backup agent signing module on Comet Backup server allows... Critical Unreviewed
CVE-2026-32999 was published May 28, 2026
Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection Critical
CVE-2026-46621 was published for org.yamcs:yamcs-core (Maven) May 27, 2026
superpegaso2703 Credited to superpegaso2703
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override Critical
CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) May 27, 2026
2BCEB1 Credited to 2BCEB1
Langroid has Prompt to SQL Injection, Leading to RCE Critical
CVE-2026-25879 was published for langroid (pip) May 27, 2026
Ka7arotto Credited to Ka7arotto
LiquidJS is Vulnerable to Remote Code Execution Critical
CVE-2026-45618 was published for liquidjs (npm) May 27, 2026
c0rydoras Credited to c0rydoras
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote... High Unreviewed
CVE-2026-37712 was published May 27, 2026
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote... High Unreviewed
CVE-2026-37711 was published May 27, 2026
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote... High Unreviewed
CVE-2026-37713 was published May 27, 2026
The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions... High Unreviewed
CVE-2026-6169 was published May 27, 2026
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin... High Unreviewed
CVE-2026-8832 was published May 27, 2026
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory` Critical
CVE-2026-44632 was published for org.yamcs:yamcs-core (Maven) May 27, 2026
superpegaso2703 Credited to superpegaso2703
FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection High
CVE-2026-43945 was published for @frangoteam/fuxa (npm) May 26, 2026
ud444ng Credited to ud444ng
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM... Critical Unreviewed
CVE-2026-8633 was published May 26, 2026
IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in... High Unreviewed
CVE-2026-8855 was published May 26, 2026
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM... High Unreviewed
CVE-2026-9170 was published May 26, 2026
OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated... High Unreviewed
CVE-2026-42785 was published May 26, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com... High Unreviewed
CVE-2026-24937 was published May 26, 2026
Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows... Critical Unreviewed
CVE-2018-25357 was published May 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database