Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

5,300 advisories

Loading
Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation High
CVE-2026-46640 was published for twig/twig (Composer) May 21, 2026
vladko312 Credited to vladko312
Twig: PHP code injection via `{% use %}` template name Critical
CVE-2026-46633 was published for twig/twig (Composer) May 21, 2026
lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out High
CVE-2026-46517 was published for lmdeploy (pip) May 21, 2026
ibondarenko1 Credited to ibondarenko1
LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization High
CVE-2026-46432 was published for lmdeploy (pip) May 21, 2026
beanduan22 Credited to beanduan22
Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail Moderate Unreviewed
CVE-2026-42396 was published May 21, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client... Critical Unreviewed
CVE-2026-22314 was published May 20, 2026
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the... Critical Unreviewed
CVE-2026-30117 was published May 19, 2026
GlassFish's Administration Console is Vulnerable to RCE Critical
CVE-2026-2586 was published for org.glassfish.jsftemplating:jsftemplating (Maven) May 19, 2026
ModelScope is vulnerable to arbitrary code injection via a crafted module High
CVE-2025-51427 was published for modelscope (pip) May 19, 2026
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives... High Unreviewed
CVE-2026-46586 was published May 19, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in email services of... Moderate Unreviewed
CVE-2026-35086 was published May 19, 2026
ChromaDB Python project has a pre-authentication code injection vulnerability Critical
CVE-2026-45829 was published for chromadb (pip) May 18, 2026
Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API Moderate
CVE-2026-45719 was published for @budibase/server (npm) May 18, 2026
MerlijnW70 Credited to MerlijnW70
Formie: Pre-authenticated server-side template injection in Hidden fields Critical
CVE-2026-45697 was published for verbb/formie (Composer) May 18, 2026
pwnsauc3 Credited to pwnsauc3
A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as... High Unreviewed
CVE-2026-6902 was published May 18, 2026
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability... Critical Unreviewed
CVE-2018-25320 was published May 17, 2026
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to... Critical Unreviewed
CVE-2021-47952 was published May 16, 2026
ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote... Moderate Unreviewed
CVE-2025-67031 was published May 15, 2026
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated... High Unreviewed
CVE-2021-47964 was published May 15, 2026
Apache Flink: Remote code execution via SQL injection in code generation High
CVE-2026-35194 was published for org.apache.flink:flink-table-api-java (Maven) May 15, 2026
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method... Moderate Unreviewed
CVE-2026-39052 was published May 15, 2026
Crabbox: environment variable exposure vulnerability Critical
CVE-2026-8634 was published for github.com/openclaw/crabbox (Go) May 14, 2026
Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a... Moderate Unreviewed
CVE-2026-8539 was published May 14, 2026
Electerm Local code through electerm's single-instance socket Critical
CVE-2026-45353 was published for electerm (npm) May 14, 2026
Curly-Haired-Baboon Credited to Curly-Haired-Baboon
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files Critical
CVE-2026-45374 was published for deepseek-tui (Rust) May 14, 2026
47Cid Credited to 47Cid
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database